@PeterRising Thanks Peter.

Yes, can it be done?

To be more specific:

User(Syed) accesses all Office365 applications using tenant(microsoft.com).

User(Syed) wants to access a particular application(registered on Azure, say App P) using tenant(google.com),

and if User(Syed) wants to access any application other than App P using tenant(google.com), the user must be blocked.


How can I achieve this?

The application(App P) is registered on Azure with tenant(google.com), as Azure AD is the IdP for the application sign-on.