How can I restrict user sign-in for a particular domain?
During the registration process, you can set your application as single-tenant, and as I understood from the documentation, it is used when your target audience is internal to your organization.
But there is no option to specify a domain for tenancy restriction.
But I've found that you can restrict users by specifying a whitelist of tenants in the HTTP header Restrict-Access-To-Tenants using a proxy server.
And I can't understand what the single-tenant option influences.
And is there any functionality provided by passport-azure-ad for tenancy restriction?
Thanks.
You need to set Enterprise application -> User assignment required? to Yes on the Properties tab.
Then you go to the Users and groups tab and add the users and groups that you want to allow to access it (internals and partners).
By default, without this setting, all internal and partner users can sign in.
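
For the question about restricting tenants inside the application itself, one way is to compare the tid (tenant ID) claim of the already validated ID token against an allow-list and to confirm the issuer names the same tenant. This is an added example, not part of the original posts and not passport-azure-ad's own code; checkTenant, makeVerify, the shape of the claims object passed to them and the tenant ID are assumptions made for illustration.

```javascript
// Constructed allow-list: placeholder tenant ID, not a real tenant.
const ALLOWED_TENANTS = new Set(['11111111-1111-1111-1111-111111111111']);
const GUID = /^[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}$/;

// claims: ID token claims AFTER the auth library has verified the signature.
// Never run this check on an unverified token.
function checkTenant(claims, allowed = ALLOWED_TENANTS) {
  if (!claims || typeof claims.tid !== 'string') {
    return { ok: false, reason: 'missing tid claim' };
  }
  const tid = claims.tid.toLowerCase();
  if (!GUID.test(tid)) return { ok: false, reason: 'malformed tid claim' };
  if (!allowed.has(tid)) return { ok: false, reason: 'tenant not allowed' };
  // The issuer must name the same tenant as tid (v2.0 and v1.0 issuer formats).
  const issuers = [
    `https://login.microsoftonline.com/${tid}/v2.0`,
    `https://sts.windows.net/${tid}/`,
  ];
  if (!issuers.includes(claims.iss)) {
    return { ok: false, reason: 'issuer does not match tid' };
  }
  return { ok: true, tenant: tid };
}

// Hypothetical wrapper in the style of a Passport verify callback:
// done(err, user, info), where user === false rejects the sign-in.
function makeVerify(allowed) {
  return function verify(claims, done) {
    const result = checkTenant(claims, allowed);
    if (!result.ok) return done(null, false, { message: result.reason });
    return done(null, { oid: claims.oid, tid: result.tenant });
  };
}
```

In a multi-tenant registration the sign-in endpoint accepts users from any tenant, so a check like this has to run on every sign-in before a session is created.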