How to enable Assignment Required

overview requiring assignment for the application used to access activate is an important security and governance measure it ensures that only authorised user accounts — typically members of a designated access group — can sign in to activate this prevents unintended access by external guests, service accounts, or other unapproved users while still allowing legitimate users to be onboarded automatically through activate’s entitlements why assignment required is a good idea restricts access to approved accounts when assignment required is enabled, only accounts that have been explicitly assigned to the application can access activate this means external guest accounts cannot log in unassigned users in the directory are blocked only members of the approved group can use activate this provides a strong, controlled entry point for your activate environment supports a clean access model requiring assignment gives it teams a predictable, auditable way to determine who has access it prevents accidental inclusion of accounts and keeps access tightly aligned with organisational policy integrates with activate entitlements activate can automatically manage the access group through an entitlement rule a default group membership entitlement can be configured so that when a new user is created in activate, they are automatically added to the authorised access group, which in turn grants them access to the activate application this ensures smooth onboarding without manual intervention, while maintaining access control simplifies auditing and offboarding restricting access to a single group makes it easy to audit and review who currently has access identify the source of access authorisation remove access quickly when a user leaves or changes role configuration steps follow these steps to configure the assignment required setting for the application used to access activate step 1 create an access group sign in to the microsoft entra admin centre navigate to groups › all groups select new group choose group type security group name e g activate access membership type assigned (or dynamic if using dynamic rules) add the appropriate initial members (for example, administrators who need access) select create 💡 this group will act as the “gatekeeper” for who can access activate step 2 configure assignment required in the application in the entra admin centre , go to enterprise applications › all applications locate and select the activate application under properties , set assignment required? to yes click save this ensures that only explicitly assigned users or groups can sign in step 3 assign the access group to the application in the activate application blade, go to users and groups select add user/group choose the activate access group created earlier select assign all users in this group now have permission to access activate step 4 configure a default group membership entitlement in activate within activate, configure a default entitlement so that new users created through activate are automatically added to the activate access group this ensures they receive access without manual assignment this automation keeps the user lifecycle consistent and secure summary enabling assignment required on the activate access application ensures only explicitly authorised accounts can use activate combined with a default group membership entitlement, this approach blocks unauthorised access from guests or unmanaged users, simplifies auditing and governance, and provides a seamless, automated onboarding path for legitimate users