Displaying information about Azure Active Directory app registrations
The information about the Azure Active Directory app registration is loaded into One Identity Manager during synchronization. All the Azure Active Directory app registrations with their Azure Active Directory service principals that are registered in this Azure Active Directory tenant are loaded for an Azure Active Directory tenant.
If an Azure Active Directory application is used in an Azure Active Directory tenant that is registered in another Azure Active Directory tenant, only the Azure Active Directory service principal and not the Azure Active Directory app registration is loaded into One Identity Manager.
You cannot create Azure Active Directory app registrations in One Identity Manager.
To display information about an Azure Active Directory app registration
-
In the Manager, select the Azure Active Directory > App registrations category.
-
Select the Azure Active Directory app registration in the result list.
-
Select one of the following tasks:
-
Azure Active Directory app registration overview: This shows you an overview of the Azure Active Directory app registration and its dependencies.
-
Change main data: Shows the Azure Active Directory app registration's main data.
-
Assign owners: Shows the Azure Active Directory app registration's owners. You can assign owners to an app registration or remove them again.
Related topics
Assigning owners to Azure Active Directory app registrations
Use this task to assign owners to an Azure Active Directory app registration or to remove them from an Azure Active Directory application. Azure Active Directory app registration owners can display and edit app registrations in Azure Active Directory.
To assign owners to an Azure Active Directory app registration
-
In the Manager, select the Azure Active Directory > App registrations category.
-
Select the Azure Active Directory app registration in the result list.
-
Select the Assign owner task.
-
In the Table menu, select the Azure Active Directory user accounts (AADUser) item.
-
In the Add assignments pane, assign owners.
TIP: In the Remove assignments pane, you can remove assigned owners.
To remove an assignment
- Save the changes.
Displaying Azure Active Directory app registration main data
The information about the Azure Active Directory app registration is loaded into One Identity Manager during synchronization. You cannot edit Azure Active Directory app registration main data.
To display an Azure Active Directory app registration's main data
-
In the Manager, select the Azure Active Directory > App registrations category.
-
Select the Azure Active Directory app registration in the result list.
-
Select Change main data.
Table 44: Main data of an Azure Active Directory app registration
Display name |
Display name of the application. |
Publisher domain |
Name of the application's verified publisher domain. |
Registration date |
Date and time when the application was registered. |
Group membership claim |
Group membership claim expected by the application. Group types that are included in the access, ID, and SAML tokens. Permitted values are:
-
None: No group types
-
All: All group types
-
Security groups: Security groups with the user as a member.
-
Application groups: Application groups in which the user is a member.
-
Directory roles: Directory roles that are assigned to the user. |
Logo URL |
Link to the application's logo. |
Marketing URL |
Link to the application's marketing page. |
Privacy statement URL |
Link to the application's privacy statement. |
Service URL |
Link to the application's support page. |
Terms of service URL |
Link to the application's terms of service. |
Fallback public client |
Specifies whether the fallback application type is a public client, such as an application installed and running on a mobile device. The default value is false meaning the fallback application type is a confidential client such as a web application. If the option is disabled, it means that the fallback application type is a confidential client, such as a web application (default). |
Supported user accounts |
Specifies which Microsoft user accounts for the current application are supported. Permitted values are:
-
Accounts in this organizational directory only
-
Accounts in any organizational directory
-
Accounts in any organizational directory and personal Microsoft accounts
-
Only personal Microsoft accounts |
Token issuance policies |
Name of the policy for issuing tokens. |
Token lifetime policy |
Name of the policy for token lifetimes. |
Tags |
User-defined string to use for categorizing and identifying the application. |
Related topics
Displaying information about Azure Active Directory service principals
When an application is registered in an Azure Active Directory tenant in Microsoft Azure Management Portal, it creates an associated Azure Active Directory service principal.
The information about the Azure Active Directory service principal is loaded into One Identity Manager during synchronization. You cannot create new Azure Active Directory service principals in One Identity Manager.
If an Azure Active Directory application is used in an Azure Active Directory tenant that is registered in another Azure Active Directory tenant, only the Azure Active Directory service principal and not the Azure Active Directory app registration is loaded into One Identity Manager.
To display information about anAzure Active Directory service principal
-
In the Manager, select the Azure Active Directory > Service principals category.
-
In the result list, select the Azure Active Directory service principal.
-
Select one of the following tasks:
-
Azure Active Directory service principal overview: This shows you an overview of the Azure Active Directory service principal and its dependencies.
-
Change main data: This displays the Azure Active Directory service principal's main data.
-
Assign owners: This displays the Azure Active Directory service principals owners. You can assign owners to a service principal or remove them.
-
Assign authorizations: This displays user accounts, groups, and service principals with their assigned app roles. You can create more authorizations or removed them.
Related topics