I would like to create an SSO for a single application, but I want SSO login to be only for one dynamic group, not the entire tenant.
I see only two options:
- Accounts in this organizational directory only (MyTenant - single tenant only)
- Accounts in any organizational directory (any Microsoft Entra ID tenant - multi-tenant)
Is it possible?
Microsoft Documentation.
I agree with @Tiny Wang, there is no option in Azure AD to configure Single Sign-On for a group.
As a workaround, you can assign users or groups to the Azure AD application to sign in.
Go to Enterprise applications -> Select your app -> Properties -> set Assignment required to Yes
Go to users and groups and add the group:
When I tried to sign in as a member of the group, the user was signed in successfully:
When I tried to sign in as a user who is not a member of the group, I got the below error:
Reference:
Restrict Microsoft Entra app to a set of users - Microsoft Entra | Microsoft
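
The portal steps from the answer above, scripted with the Microsoft Graph PowerShell SDK as an added example (not part of the original answer). The application and group display names are placeholders, and the all-zero role ID assumes the app defines no app roles of its own.

```powershell
# Added example: the two names below are placeholders, not values from the post.
$AppName   = 'MyApp'          # hypothetical enterprise application display name
$GroupName = 'MyApp-Users'    # hypothetical dynamic security group display name
# Default access role, usable when the application declares no app roles.
$DefaultAccessRole = '00000000-0000-0000-0000-000000000000'

Connect-MgGraph -Scopes 'Application.ReadWrite.All',
                        'AppRoleAssignment.ReadWrite.All',
                        'Group.Read.All'

$sp    = Get-MgServicePrincipal -Filter "displayName eq '$AppName'"
$group = Get-MgGroup -Filter "displayName eq '$GroupName'"

# Refuse to continue on a typo or on duplicate display names.
if (-not $sp -or -not $group) {
    throw 'Service principal or group not found.'
}
if (@($sp).Count -gt 1 -or @($group).Count -gt 1) {
    throw 'Display name is ambiguous; select the object by Id instead.'
}

# Step 1: Properties -> Assignment required = Yes
Update-MgServicePrincipal -ServicePrincipalId $sp.Id -AppRoleAssignmentRequired:$true

# Step 2: Users and groups -> add the group (skipped if it is already assigned)
$existing = Get-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $sp.Id -All |
    Where-Object { $_.PrincipalId -eq $group.Id }
if (-not $existing) {
    New-MgGroupAppRoleAssignment -GroupId $group.Id -PrincipalId $group.Id `
        -ResourceId $sp.Id -AppRoleId $DefaultAccessRole | Out-Null
}

# Check: confirm the flag is set and list every principal allowed to sign in.
(Get-MgServicePrincipal -ServicePrincipalId $sp.Id).AppRoleAssignmentRequired
Get-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $sp.Id -All |
    Select-Object PrincipalDisplayName, PrincipalType, AppRoleId
```

Review the final listing for leftover direct user assignments, since any principal shown there can still sign in. Nested group membership is not honoured for app assignment, so users must be direct (or dynamic-rule) members of the assigned group.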