How to Apply Easy Auth on Web App under a High-security policy environment

This post has been republished via RSS; it originally appeared at: Microsoft Tech Community - Latest Blogs.

With increasing emphasis on security, enterprises are imposing significant restrictions on the internal resources and operations accessible to employees. If your Azure account does not have sufficient AAD (i.e., Microsoft Entra) permissions, you will be unable to quickly set up Easy Auth on a web app. This article is a simple guide that walks you through the process of setting up Easy Auth for your web app.




Step 1: Create a Web App

You may choose any combination of region, SKU, stack, and OS; the choice does not affect the overall process.


After this step, we will obtain a callback URL for use in the next step, with the following format:


Here is my example.


Step 2: Create an App Registration



Who can use this application or access this API?

Accounts in this organizational directory only (Microsoft Non-Production only - Single tenant)

Redirect URI (optional)

The callback URL you've set up in Step 1


After this step, we will obtain an Application ID and a Tenant ID for use in the next step.


Meanwhile, we will obtain an issuer URL for use in the next step, with the following format: <my-tenant-id>/v2.0


Step 3: Set Up ID Token from App Registration

Go to the Authentication page, check "ID tokens (used for implicit and hybrid flows)", and save.




Step 4: Set Up Easy Auth from Web App

Go to the Authentication page and create a new authentication.



Identity provider


App registration type

Provide the details of an existing app registration

Application (client) ID

The Application (client) ID you've set up in Step 2

Issuer URL

The Issuer URL you've set up in Step 2

Allowed token audiences


It's done!


Step 5: Try to use it.

If it's your first time using it, you'll see this authorization screen. Just click "Accept."
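The values carried from Steps 1 and 2 into Step 4 have to agree with each other, and a mismatch usually only shows up as a failed sign-in. The following pre-flight check is an added example, not part of the original post; the callback path `/.auth/login/aad/callback`, the issuer host `login.microsoftonline.com`, the function name and all sample values are assumptions, since the post's own URLs are not shown.

```python
import re
from urllib.parse import urlsplit

GUID = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)
# Assumptions, not stated on the page: the Easy Auth callback path for the
# Microsoft provider and the v2.0 issuer host.
CALLBACK_PATH = "/.auth/login/aad/callback"
ISSUER_HOST = "login.microsoftonline.com"

def check_easy_auth(app_host, redirect_uri, tenant_id, client_id,
                    issuer_url, audiences):
    """Return a list of mismatches between the Step 1-4 values (empty = OK)."""
    problems = []
    r = urlsplit(redirect_uri)
    if r.scheme != "https":
        problems.append("redirect URI must use https")
    if (r.hostname or "").lower() != app_host.lower():
        problems.append("redirect URI host is not the web app's host")
    if r.path != CALLBACK_PATH or r.query or r.fragment:
        problems.append("redirect URI is not the Easy Auth callback path")
    for name, value in (("tenant ID", tenant_id), ("client ID", client_id)):
        if not GUID.match(value):
            problems.append(f"{name} is not a GUID")
    i = urlsplit(issuer_url)
    if i.scheme != "https" or (i.hostname or "").lower() != ISSUER_HOST:
        problems.append("issuer URL is not https on the expected host")
    # Single-tenant registration (Step 2): the issuer must name this tenant,
    # not "common" or "organizations".
    if i.path.rstrip("/").lower() != f"/{tenant_id}/v2.0".lower():
        problems.append("issuer URL is not <tenant-id>/v2.0 for this tenant")
    # Every allowed audience widens the set of tokens the app accepts.
    for aud in audiences:
        if aud not in (client_id, f"api://{client_id}"):
            problems.append(f"review audience {aud}: not this app registration")
    return problems

# Constructed sample values; none of them come from the original post.
SAMPLE = dict(
    app_host="contoso-demo.azurewebsites.net",
    redirect_uri="https://contoso-demo.azurewebsites.net/.auth/login/aad/callback",
    tenant_id="11111111-2222-3333-4444-555555555555",
    client_id="aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
    issuer_url="https://login.microsoftonline.com/11111111-2222-3333-4444-555555555555/v2.0",
    audiences=["api://aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"],
)

if __name__ == "__main__":
    for line in check_easy_auth(**SAMPLE) or ["all values agree"]:
        print(line)
```

An audience flagged for review is not necessarily wrong (a custom App ID URI is legitimate); the check only surfaces entries that are not derived from the app registration's own client ID.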


