Require user assignment in Azure AD
When you registered your WordPress website as an app in Azure AD (see https://docs.wpo365.com/article/154-aad-single-sign-for-wordpress-using-auth-code-flow for details), Microsoft registered a so-called Enterprise Application for you.
Note: App registrations are basically the apps local to the tenant / organization in which they have been registered to generate a unique application ID. Enterprise applications are local and global apps that can be configured and used within your tenant / organization.
If you'd like to restrict access to your WordPress website to certain Azure AD users and groups, you can achieve this in the following two ways.
Option 1 - Configure WPO365 Role Based Access
Please see https://docs.wpo365.com/article/40-restrict-access-to-members-of-specific-azure-ad-groups for details on how to configure role based access.
Option 2 - Require user assignment
- Navigate to WP Admin > WPO365 > Single Sign-on and copy the Application ID.
- Continue to Azure Portal > Azure Active Directory > Enterprise Applications and search for the corresponding Enterprise Application using the Application ID you copied in the previous step.
- On the Properties page of the Enterprise Application toggle User assignment required.
- On the Users and groups page of the Enterprise Application add the groups that should be able to access your WordPress website.
- Wait 1 - 2 minutes and test your updated Enterprise Application configuration.
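
The steps of Option 2 can also be scripted and verified with the Microsoft Graph PowerShell module. The following is an added example, not part of the original WPO365 documentation; the two placeholder values are assumptions to replace with your own, and it assumes the app defines no custom app roles, so the default access role ID is used.

```powershell
# Requires the Microsoft.Graph PowerShell module (Microsoft.Graph.Applications).
# Placeholder values (assumptions): replace both before running.
$AppId   = '<application-id-copied-from-wpo365>'
$GroupId = '<object-id-of-the-group-to-allow>'

Connect-MgGraph -Scopes 'Application.ReadWrite.All', 'AppRoleAssignment.ReadWrite.All'

# Find the Enterprise Application (service principal) by its Application ID.
$sp = Get-MgServicePrincipal -Filter "appId eq '$AppId'"
if (-not $sp) { throw "No Enterprise Application found for Application ID $AppId" }

# Same effect as toggling "User assignment required" on the Properties page.
if (-not $sp.AppRoleAssignmentRequired) {
    Update-MgServicePrincipal -ServicePrincipalId $sp.Id -AppRoleAssignmentRequired:$true
}

# Default access role, valid only when the app defines no app roles of its own.
$DefaultRoleId = '00000000-0000-0000-0000-000000000000'

# Same effect as adding the group on the "Users and groups" page.
# Skip the call if the group is already assigned, so the script can be re-run.
# Group assignment covers direct members only; nested groups are not expanded.
$existing = Get-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $sp.Id -All
if ($existing.PrincipalId -notcontains $GroupId) {
    New-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $sp.Id -BodyParameter @{
        principalId = $GroupId
        resourceId  = $sp.Id
        appRoleId   = $DefaultRoleId
    } | Out-Null
}

# Verify: the flag must be True, and only the intended principals should be listed.
$check = Get-MgServicePrincipal -ServicePrincipalId $sp.Id
"User assignment required: $($check.AppRoleAssignmentRequired)"
Get-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $sp.Id -All |
    Select-Object PrincipalDisplayName, PrincipalType, AppRoleId
```

Reviewing the final listing periodically shows any user or group that was assigned outside the intended set.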