| title | description | author | manager | ms.service | ms.subservice | ms.topic | ms.date | ms.author | ms.reviewer | ms.custom |
|---|---|---|---|---|---|---|---|---|---|---|
Use a group to manage access to SaaS apps |
Learn how to use groups in Microsoft Entra ID to assign access to SaaS applications that are integrated with Microsoft Entra ID. |
barclayn |
amycolannino |
entra-id |
users |
how-to |
11/15/2023 |
barclayn |
krbain |
it-pro |
When you use Microsoft Entra ID with a Microsoft Entra ID P1 or P2 license plan, you can use groups to assign access to a software as a service (SaaS) application that's integrated with Microsoft Entra ID.
For example, if you want to assign access for a marketing department to use five different SaaS applications, you can create an Office 365 or security group that contains the users in the marketing department. Then you can assign that group to the five SaaS applications that the marketing department needs.
With Microsoft Entra ID, you can save time by managing the membership of the marketing department in one place. Users then are assigned to the application when they're added as members of the marketing group. They have their assignments removed from the application when they're removed from the marketing group. You can use this capability with hundreds of applications that you can add from within the Microsoft Entra Application Gallery.
Important
You can use this feature only after you start a Microsoft Entra ID P1 or P2 trial or purchase a Microsoft Entra ID P1 or P2 license plan. Group-based assignment is supported only for security groups. Nested group memberships aren't supported for group-based assignment to applications at this time.
[!INCLUDE portal updates]
-
Sign in to the Microsoft Entra admin center as at least a User Administrator.
-
Go to Applications > Enterprise applications to open All applications in the Application Gallery.
:::image type="content" source="./media/domains-manage/enterprise-apps.png" alt-text="Screenshot that shows the Application Gallery.":::
-
Select an application that you added from the Application Gallery to open it.
-
On the left pane, select Users and groups, and then select Add user/group.
-
On Add Assignment, select Users and groups to open the Users and groups selection list.
-
Select as many groups or users as you want, and then click or tap Select to add them to the Add Assignment list. You can also assign a role to a user at this stage.
-
Select Assign to assign the users or groups to the selected enterprise application.
For more information on Microsoft Entra ID, see: