Azure AD Authentication

To integrate an Azure App Service with Azure Active Directory for user authentication, the app must be registered in an Azure AD tenant. This Azure AD application registration creates an identity configuration for the app, allowing it to trust Azure AD for sign-ins. The App Service Authentication feature (often called "Easy Auth") simplifies this process by automatically creating the app registration and configuring the necessary authentication settings, but the fundamental component is the application registration itself.

Access Request Implementation

The requirement for users to request access through the "My Apps" portal and have a manager approve it is a core feature of Azure AD Entitlement Management, which is part of Azure AD Identity Governance. You achieve this by creating an access package. An access package bundles one or more resources (like applications) and defines the policies for access, including who can request access, the required approval workflows (e.g., manager approval), and access duration.

Azure AD application: Microsoft Learn, "Application and service principal objects in Azure Active Directory," Microsoft Entra documentation. This document explains that for an application to be integrated with Azure AD for functions like sign-on, it must be registered, which creates a globally unique application object.

Access package in Identity Governance: Microsoft Learn, "What is entitlement management?," Microsoft Entra Identity Governance documentation. Section "What can I do with entitlement management?" states, "Entitlement management can help you manage access to... applications... You create an access package... users can then request access to the resources in the access package. You can configure policies to require approval for access requests."