Separate app registration for web console login

We have conditional access policies that include all cloud applications. We have excluded the Nerdio app registration, but since the app registration calls the Microsoft Graph app (which cannot be excluded from conditional access policies), users are unable to sign in from non-trusted locations or from devices that do not meet our compliance policies. We are unable to change the conditional access policy to not include all cloud apps by default.

 

Nerdio support recommended opening a feature request to split out the one app registration into two, so we would be able to exclude the app registration that allows users to sign in.

0

Comments (2 comments)

1
Toby Skerritt

Hi Will Smith - thanks for this request.

We have had similar requests from organizations using private endpoints who cannot expose the Nerdio Manager IP to public networks. At this point we are considering the creation of a separate app service (with specific firewall rules to allow communication between the app services). This should cover both scenarios; however, this is a complex change and is still being planned. Please let me know if you have other thoughts here. Thanks.

0
Mike Fazio

Hey all,

Running into this in our environment as well and would love to hear if there are any updates to this? We are excited at the prospect of providing users with self-serve capabilities, but this is getting in the way of us being able to roll out as well.
