Background: we have a web application built on ASP.NET Core MVC hosted in an Azure App Service configured for Azure single sign-on. This app has a page which manages users (add / remove / change role). We keep this data in a SQL database and manage them with normal CRUD operations.
We are planning to use Azure AD as every user who accesses the app is present in Azure AD, so that we don’t have to keep a table in the SQL database.
Problem: currently, if I am already a user of the app, I will be able to add a new user from the "manage users" page and that particular user will get access to the app. But if I use Azure AD, is it possible for an existing user to give access (with a certain role) to a new user from the app without going to the Azure portal?
Note: New users shouldn't be able to register by themselves to access the app.
But if I use Azure AD, is it possible for an existing user to give access (with a certain role) to a new user from the app without going to the Azure portal?
It is certainly possible to do so. As mentioned in the comments, you would need to use Graph API for that.
There are a few things you would need to do to accomplish this.
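As an added illustration, not code from the original answer: the Graph calls this approach relies on, done with plain HttpClient from the ASP.NET Core app, covering the "add / remove user" operations and the no-self-registration note. It assumes .NET 7 or later, a Graph access token obtained elsewhere (e.g. via MSAL), and that the app's service principal object id and app role ids are already known; the permission names in the comments are the ones assumed for these calls and should be checked against your tenant setup.

```csharp
using System;
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Net.Http.Json;
using System.Threading.Tasks;

// Added example, not the original answer's code. Assumes a Graph access token
// (obtained elsewhere, e.g. via MSAL) carrying AppRoleAssignment.ReadWrite.All
// and, for the service-principal patch, Application.ReadWrite.All.
public sealed class AppAccessManager
{
    private readonly HttpClient _graph;

    public AppAccessManager(string graphAccessToken)
    {
        _graph = new HttpClient { BaseAddress = new Uri("https://graph.microsoft.com/v1.0/") };
        _graph.DefaultRequestHeaders.Authorization =
            new AuthenticationHeaderValue("Bearer", graphAccessToken);
    }

    // Covers the "no self-registration" note: with appRoleAssignmentRequired set,
    // Azure AD only issues tokens for this app to users who hold an app role assignment.
    public async Task RequireAssignmentAsync(Guid servicePrincipalId)
    {
        var resp = await _graph.PatchAsJsonAsync($"servicePrincipals/{servicePrincipalId}",
            new { appRoleAssignmentRequired = true });
        resp.EnsureSuccessStatusCode();
    }

    // "Add user": grant the user one of the app roles declared in the app registration.
    // Returns the assignment id, which is what a later "remove user" needs.
    public async Task<string> AssignRoleAsync(Guid userObjectId, Guid servicePrincipalId, Guid appRoleId)
    {
        var resp = await _graph.PostAsJsonAsync($"users/{userObjectId}/appRoleAssignments",
            new { principalId = userObjectId, resourceId = servicePrincipalId, appRoleId });
        resp.EnsureSuccessStatusCode();
        var created = await resp.Content.ReadFromJsonAsync<AppRoleAssignmentDto>();
        return created!.Id!;
    }

    // "Remove user": revoking the assignment is enough once assignment is required.
    public async Task RemoveRoleAsync(Guid userObjectId, string assignmentId)
    {
        var resp = await _graph.DeleteAsync($"users/{userObjectId}/appRoleAssignments/{assignmentId}");
        resp.EnsureSuccessStatusCode();
    }

    private sealed class AppRoleAssignmentDto { public string? Id { get; set; } } // response field we read
}
```

Once assigned, the role shows up in the signed-in user's token as a roles claim, so [Authorize(Roles = "...")] in the MVC app works without a SQL lookup.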