There are a couple of different ways to grant ALL users access to an AAD enterprise app.

The simplest approach most admins take is via App -> Properties: set User Assignment Required to NO and Visible to All Users to YES.

This provides SSO-based access to all provisioned app users. This is important: those users must already exist within the app to get this level of SSO.

However, the correct way to implement this is via AAD group membership.

Define an AAD group named AllUsers and ensure that any new on-premises AD users are automatically synced to this group (see this AAD AD Connect post).

Once you establish this sync, simply assign the AllUsers group to the enterprise app in question. You can then remove the 'Visible to All Users' assignment.
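The group assignment described above can also be scripted and audited with the Microsoft Graph PowerShell SDK. This is an added example, not code from the original post; the app display name is a placeholder, and it assumes the Microsoft.Graph module is installed and the signed-in account can consent to the listed scopes.

```powershell
# Added example: assign the AllUsers group to an enterprise app and audit the result.
$AppName   = 'Contoso Expenses'   # hypothetical enterprise app display name (assumption)
$GroupName = 'AllUsers'           # the group described in the post

Connect-MgGraph -Scopes 'Application.Read.All','Group.Read.All','AppRoleAssignment.ReadWrite.All'

# An enterprise app is a service principal in the tenant. Display names are not
# unique, so refuse to continue unless exactly one app and one group match.
$apps   = @(Get-MgServicePrincipal -Filter "displayName eq '$AppName'")
$groups = @(Get-MgGroup -Filter "displayName eq '$GroupName'")
if ($apps.Count -ne 1 -or $groups.Count -ne 1) {
    throw "Expected one app and one group; found $($apps.Count) app(s), $($groups.Count) group(s)."
}
$sp = $apps[0]; $group = $groups[0]

# Report the two portal settings the post mentions.
# 'Visible to users = No' is stored as the HideApp tag on the service principal.
[pscustomobject]@{
    App                    = $sp.DisplayName
    UserAssignmentRequired = [bool]$sp.AppRoleAssignmentRequired
    VisibleToUsers         = ($sp.Tags -notcontains 'HideApp')
} | Format-List

# Use the first enabled role that users/groups may hold; if the app defines no
# roles, the all-zero GUID is the built-in default access role.
$role   = $sp.AppRoles |
          Where-Object { $_.IsEnabled -and $_.AllowedMemberTypes -contains 'User' } |
          Select-Object -First 1
$roleId = if ($role) { $role.Id } else { '00000000-0000-0000-0000-000000000000' }

# Idempotent: only create the assignment if the group is not already assigned.
$existing = Get-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $sp.Id -All |
            Where-Object { $_.PrincipalId -eq $group.Id }
if (-not $existing) {
    New-MgGroupAppRoleAssignment -GroupId $group.Id -PrincipalId $group.Id `
        -ResourceId $sp.Id -AppRoleId $roleId | Out-Null
}

# Audit: every user and group currently assigned to the app.
Get-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $sp.Id -All |
    Select-Object PrincipalDisplayName, PrincipalType, AppRoleId
```

The final listing is worth reviewing after the change: direct user assignments left over from earlier setups will show up alongside the AllUsers group.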



