Skip to main content

User Assignment Required

All Enterprise Applications in Microsoft Entra ID have a setting called "User Assignment Required". This setting is set to "Yes" by default when creating an application using apps.identity.tamu.edu, regardless of whether the app is using OIDC or SAML.

When this setting is enabled, it functions as a basic access control configuration.

Any users and groups who are added to the Enterprise Application's "Users and Groups" list will be granted the ability to authenticate to the app. If a user is not added directly or via a group, they will not be able to authenticate to the application at all and will receive an error when they try to do so.