
Azure Active Directory revoke a set of user-sessions for a given aad app-id

We have a mobile application that uses AAD authentication. We updated the privacy notice recently, and we want all our users to see the new notice.

However, the privacy notice seen check happens only during app-sign in. So we want to sign-out the users who haven't accepted the latest privacy notice of our application.

We have the list of users to be signed out prepared from our consent DB data.

Is there a REST API for AAD or an AZ CLI command that lets us pass in ClientId & UPN and revoke their token?

The closest I encountered is Revoke-AzureADUserAllRefreshToken , but I do not have permission to execute the command.

Here either the user has to manually sign off, or the only other option is to use the PowerShell command to revoke the user's refresh token.

Revoke-AzureADSignedInUserAllRefreshToken [] or Revoke-AzureADUserAllRefreshToken -ObjectId, or you can get more creative, for example revoking access for all members of a particular group:

C:> Get-AzureADGroup -SearchString CloudSecGrp | Get-AzureADGroupMember | Revoke-AzureADUserAllRefreshToken

You need Global administrator rights to execute the command.
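An added example, not part of the question or the answer above, applying the answer's cmdlet to the prepared list of users. It assumes the AzureAD module is installed, Connect-AzureAD has already been run with an account holding the required rights, and a constructed CSV (users-to-signout.csv, one UserPrincipalName column) stands in for the consent DB export:

```powershell
# Added example: revoke refresh tokens for every user in a prepared list.
# Assumes the AzureAD module is loaded and Connect-AzureAD has already succeeded.

# Constructed sample input: a CSV with one UserPrincipalName per row.
$csvPath = Join-Path $env:TEMP 'users-to-signout.csv'
@'
UserPrincipalName
alice@contoso.example
bob@contoso.example
'@ | Set-Content -Path $csvPath

$results = foreach ($row in Import-Csv -Path $csvPath) {
    $upn = $row.UserPrincipalName.Trim()
    try {
        # Resolve the UPN to a directory object (-ObjectId accepts a UPN or an object id).
        $user = Get-AzureADUser -ObjectId $upn -ErrorAction Stop

        # Invalidate every refresh token issued to this user. Already-issued access
        # tokens remain valid until they expire, so the sign-out is not instantaneous.
        Revoke-AzureADUserAllRefreshToken -ObjectId $user.ObjectId -ErrorAction Stop

        [pscustomobject]@{ UserPrincipalName = $upn; Status = 'Revoked' }
    }
    catch {
        # Record the failure (unknown user, missing permission) instead of aborting the batch.
        [pscustomobject]@{ UserPrincipalName = $upn; Status = "Failed: $($_.Exception.Message)" }
    }
}

# Keep an audit trail of what was revoked and what failed.
$results | Export-Csv -Path (Join-Path $env:TEMP 'signout-results.csv') -NoTypeInformation
$results | Format-Table -AutoSize
```

Note that the cmdlet revokes the user's refresh tokens for all applications, not only the one ClientId the question asks about, so the affected users will have to sign in again everywhere.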
