restrict access to azure web app without ip filtering

Question

I have a "public" website deployed on azure. I want to get access only from a limited number of authorized tester persons. I cannot use ip restriction because all of us have dynamic ip and we are dislocated all over the world.

Here the solution I have adopted, but I am not confindet is the correct.

I have enabled authentication.

I have also created users in active directory and added to my application:

Everything works. Now, before access to the website, people must login.

But... what I do not like is that people can access to portal azure with the email I have authorized on active directory. They do not see anything, but they can access into that directory. is there a way to avoid this? Does exists a better solution to restrict access to my website?

Thank you

question from:https://stackoverflow.com/questions/66062004/restrict-access-to-azure-web-app-without-ip-filtering

Answer 1

You can restrict access to Azure Portal with Azure AD conditional access

https://docs.microsoft.com/en-us/azure/role-based-access-control/conditional-access-azure-management

https://docs.microsoft.com/en-us/answers/questions/112173/can-we-restrict-azure-portal-httpsportalazurecom-a.html#:~:text=Yes%2C%20we%20can%20restrict%20access,Azure%20AD%20Premium%20P1%20License.&text=as%20shown%20below%3A-,Navigate%20to%20Azure%20Portal%20%3E%20Azure%20Active%20Directory%20%3E%20Security%20%3E%20Conditional,and%20Groups%20%3A%20Select%20required%20users.