I would like to implement a domain whitelist in an application we are developing that will use Azure B2B authentication against an App created at apps.dev.microsoft.com. I'd like to be able to have the user enter their email address, whereupon their domain is checked. If that domain is on a whitelist, then proceed to their respective sign-in page and let them attempt to authenticate; otherwise return a 401 error (I want my user to stop trying to authenticate if they are not part of my whitelist). I would appreciate guidance.
2 Answers
Currently you can't perform custom domain-checking logic after the user enters the username on the sign-in page. Instead, you'll need to check that in your app, by checking the issuer claim (which tells an application what tenant the user is from) in the JWT token.
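As an added illustration of the approach this answer describes (example code, not from the original answer or from Microsoft), the following Python implements the tenant whitelist on top of an already-validated token: it extracts the tenant ID from the `iss` claim (the v1 `https://sts.windows.net/{tid}/` and v2 `https://login.microsoftonline.com/{tid}/v2.0` issuer formats), cross-checks it against the `tid` claim when present, and returns 401 for any tenant not on the list. The allowed tenant GUIDs and the sample claims are constructed for the example; `ALLOWED_TENANT_IDS` and `authorize_by_tenant` are names assumed here, not part of any library.

```python
# Tenant whitelist check for Azure AD / B2B tokens (added example, not the
# original answer's code). The claims passed in MUST come from a token whose
# signature, audience and expiry were already validated by your JWT/OIDC
# library; this function only adds the "is this tenant allowed?" decision.

# Constructed sample whitelist: home-tenant GUIDs that may sign in.
# In a real app these would come from configuration. Stored lowercase.
ALLOWED_TENANT_IDS = {
    "11111111-1111-1111-1111-111111111111",
    "22222222-2222-2222-2222-222222222222",
}

# Issuer prefixes Azure AD uses; the tenant GUID is the first path segment.
ISSUER_PREFIXES = (
    "https://sts.windows.net/",            # v1 endpoint tokens
    "https://login.microsoftonline.com/",  # v2 endpoint tokens
)


def tenant_from_issuer(issuer):
    """Return the tenant GUID embedded in an Azure AD issuer URL, or None.

    Anything that does not start with a known issuer prefix is rejected,
    so an arbitrary URL containing a whitelisted GUID is not accepted.
    """
    for prefix in ISSUER_PREFIXES:
        if issuer.startswith(prefix):
            rest = issuer[len(prefix):]
            tenant = rest.split("/", 1)[0]
            return tenant or None
    return None


def authorize_by_tenant(claims, allowed=ALLOWED_TENANT_IDS):
    """Decide whether the user's home tenant is on the whitelist.

    Returns (http_status, reason): 200 when allowed, 401 otherwise.
    """
    issuer = claims.get("iss", "")
    tenant = tenant_from_issuer(issuer)
    if tenant is None:
        return 401, "issuer is not an Azure AD issuer: %r" % issuer

    # If the token also carries a tid claim, require it to agree with the
    # issuer; a mismatch means the token is not what we expect.
    tid = claims.get("tid")
    if tid is not None and tid.lower() != tenant.lower():
        return 401, "tid claim does not match issuer tenant"

    if tenant.lower() not in allowed:
        return 401, "tenant %s is not on the whitelist" % tenant
    return 200, "tenant %s allowed" % tenant


if __name__ == "__main__":
    # Constructed sample claims, as they would look after signature validation.
    allowed_user = {
        "iss": "https://sts.windows.net/11111111-1111-1111-1111-111111111111/",
        "tid": "11111111-1111-1111-1111-111111111111",
        "upn": "alice@allowed.example",
    }
    outside_user = {
        "iss": "https://login.microsoftonline.com/33333333-3333-3333-3333-333333333333/v2.0",
        "tid": "33333333-3333-3333-3333-333333333333",
        "upn": "mallory@other.example",
    }
    for c in (allowed_user, outside_user):
        print(c["upn"], "->", authorize_by_tenant(c))
```

Wire `authorize_by_tenant` into the request pipeline right after token validation and return the 401 status it produces; because the decision is based on the issuer of a signed token rather than on the email address the user typed, it cannot be bypassed by entering a whitelisted-looking address.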

I think you are looking for this:
> We are happy to announce the world wide roll-out of Allow/Block list support for guest access in O365 Groups. With this feature, IT Admins can set-up a list of domains to
> - Allow guest users of specific domains to be invited to Groups.
> - Block guest users of specific domains to be invited to Groups.
The script they provide there is not signed by Microsoft, so I suggest using this link (where it is signed):
https://www.microsoft.com/en-us/download/details.aspx?id=55709