I'm exploring Azure app registration, and when creating one it asks me to choose one of the following options. Is there a way to allow only a specific user or user group to access this app registration?
https://learn.microsoft.com/en-us/azure/active-directory/develop/howto-restrict-your-app-to-a-set-of-users – Peter Bons Aug 11 '22 at 06:38
I'm confused because after creating the app registration I need to add permissions for a signed-in user or delegated (for a daemon). Does the link you mention above apply only to signed-in users? – variable Aug 11 '22 at 07:33
2 Answers
Using role-based access control (RBAC), we can grant specific permissions to specific users or groups to access and manage resources.
Thanks to @Alex Simons, check the workaround below to restrict access to only a specific user or group.
In Azure AD, create a custom role:
Navigate to Azure Portal
=> Azure AD
=> Roles and administrators
=> New custom role
Add the name and description for the custom role.
In the Permissions tab, search for the keyword "credentials":
- If you want to restrict a specific user, select below Permission
microsoft.directory/applications/credentials/update
OR
- If you want to restrict user group, select below Permission
microsoft.directory/applications.myOrganization/credentials/update
and click on Create to create the new custom role.
We need to assign the created custom role on the app for which we want to restrict users.
In Azure AD => App registrations => Select your app => Roles and administrators, you can see the custom role you have created.
Click on the newly created custom role => Assignments => Add assignments. Select the user and click on Add.
When I tried to access the application with an account that was not given permission, I got the error below,
and I was able to access the application with the account I had given permission to without any issues.
Output:

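The custom-role steps in the answer above, scripted with the Microsoft Graph PowerShell SDK. This is an added example, not code from the answer or from Microsoft; the application ID and user principal name are placeholders. Note what the role carries: the single `microsoft.directory/applications/credentials/update` action, scoped to one application object, so the assignment governs who can update that app registration's credentials.

```powershell
# Added example (not from the answer): create a custom directory role holding only
# the credentials/update action and assign it to one user, scoped to a single
# app registration. $AppId and $UserUpn are placeholders you must replace.
$AppId   = "00000000-0000-0000-0000-000000000000"  # placeholder: Application (client) ID
$UserUpn = "alice@contoso.example"                # placeholder: user to receive the role

Connect-MgGraph -Scopes "RoleManagement.ReadWrite.Directory","Application.Read.All","User.Read.All"

# 1. Custom role with the one permission the answer selects
$role = New-MgRoleManagementDirectoryRoleDefinition `
    -DisplayName "App Credential Updater (single app)" `
    -Description "Can update credentials on the app registration this role is scoped to" `
    -IsEnabled `
    -RolePermissions @(
        @{ AllowedResourceActions = @("microsoft.directory/applications/credentials/update") }
    )

# 2. Resolve the app registration (object ID, not client ID) and the user
$app  = Get-MgApplication -Filter "appId eq '$AppId'"
if (-not $app) { throw "No app registration with appId $AppId" }
$user = Get-MgUser -UserId $UserUpn

# 3. Assign the role with directory scope "/<application object id>", which is
#    what "App registrations => your app => Roles and administrators" does in the portal
New-MgRoleManagementDirectoryRoleAssignment `
    -RoleDefinitionId $role.Id `
    -PrincipalId $user.Id `
    -DirectoryScopeId "/$($app.Id)"

# 4. Check: list who holds this role and at what scope
Get-MgRoleManagementDirectoryRoleAssignment -Filter "roleDefinitionId eq '$($role.Id)'" |
    Select-Object PrincipalId, DirectoryScopeId
```

The scope string is the application object's ID (from Get-MgApplication), not the Application (client) ID; using the client ID there fails because it is not a directory object.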
I think the best solution would be to follow the steps from this post: https://edi.wang/post/2019/12/13/how-to-allow-only-selected-users-to-access-an-application-in-azure-ad.
Quick summary of the steps after creating the app registration:
- Go to Azure AD -> Enterprise applications -> YOUR APP -> properties
- Select Assignment required -> Yes
- Go to Azure AD -> Enterprise applications -> YOUR APP -> Users and Groups
- Select the users and groups who should be able to log in to your app
Cheers

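The same four steps done with the Microsoft Graph PowerShell SDK, plus a check at the end. This is an added example, not code from the answer or from the linked post; the application ID, user principal name and group name are placeholders.

```powershell
# Added example (not from the answer): turn on "Assignment required" for the
# enterprise application and assign one user and one group to it.
# $AppId, $UserUpn and $GroupName are placeholders you must replace.
$AppId     = "00000000-0000-0000-0000-000000000000"  # placeholder: Application (client) ID
$UserUpn   = "alice@contoso.example"                 # placeholder: user allowed to sign in
$GroupName = "App-Users"                             # placeholder: group allowed to sign in

Connect-MgGraph -Scopes "Application.ReadWrite.All","AppRoleAssignment.ReadWrite.All","User.Read.All","Group.Read.All"

# "Enterprise applications => YOUR APP" is the service principal of the app registration
$sp = Get-MgServicePrincipal -Filter "appId eq '$AppId'"
if (-not $sp) { throw "No service principal for appId $AppId; create the enterprise application first" }

# Step 1/2: Properties => Assignment required => Yes
Update-MgServicePrincipal -ServicePrincipalId $sp.Id -AppRoleAssignmentRequired:$true

# Step 3/4: Users and Groups => add the principals that may sign in.
# An app with no app roles defined uses the empty GUID as its default access role;
# if the app defines roles, pass the ID of the role you want instead.
$defaultRole = [Guid]::Empty
$user  = Get-MgUser -UserId $UserUpn
$group = Get-MgGroup -Filter "displayName eq '$GroupName'"
if (-not $group) { throw "Group '$GroupName' not found" }

foreach ($principalId in @($user.Id, $group.Id)) {
    New-MgServicePrincipalAppRoleAssignedTo `
        -ServicePrincipalId $sp.Id `
        -PrincipalId $principalId `
        -ResourceId $sp.Id `
        -AppRoleId $defaultRole
}

# Check: the flag is set and only the intended principals are assigned
$check = Get-MgServicePrincipal -ServicePrincipalId $sp.Id -Property AppRoleAssignmentRequired
"AppRoleAssignmentRequired = $($check.AppRoleAssignmentRequired)"
Get-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $sp.Id |
    Select-Object PrincipalDisplayName, PrincipalType, AppRoleId
```

After this, a sign-in by a user who is neither assigned directly nor a member of the assigned group is rejected with AADSTS50105 (user not assigned to a role for the application); the final listing is the place to review when someone unexpected can still get in.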