top of page
  • Writer's pictureShannon

App Registration vs. Enterprise Applications

I had a colleague at Microsoft (who's not in identity) mention that it's confusing when someone looks in the Entra portal or Azure Active Directory in the Azure Portal and sees a place for Application Registrations AND a separate place for Enterprise Applications. I took a step back, put on my "I don't work in identity hat" and realized he's not necessarily wrong. For folks that may be newer to the identity space of Microsoft, I thought I'd take some time and demystify things a bit by explaining the difference between an application registration and an enterprise application.

Developers develop apps all day long. Many of these apps need some way to authenticate or authorize a user (maybe even delegate a user) and a lot of developers wind up using Azure Active Directory (AAD) as a result. AAD supports modern protocols like SAML 2.0, OpenID Connect, OAuth 2.0, and WS-Federation. AAD also supports password vaulting and automated sign-in capabilities for apps that support forms-based authentication.

Ok so an application object in simplified terms is a logical representation of an app inside 1 tenant. You can create a number of service principals based upon the application object, but there is only 1 application object per app. That app needs to be registered with AAD and these App Registrations are what winds up shown when you browse there on the portal. A developer has flexibility to configure the reply URL, a logout URL, and API access (if required) with an app registration. When the app is registered with AAD, the app is assigned a unique App ID (which is a GUID).

"Next we have Enterprise Applications. What are those? And why are they right by App Registrations?" you may find yourself asking.

Think of an Enterprise Application as something another vendor maintains. Something like Salesforce, G-Suite, ServiceNow, etc. The crazy part is the Enterprise Application section will ALSO show the App Registrations you've configured within your tenant. What you should do is browse out to the App Registrations blade and then the Enterprise Applications blade so you can cross reference the differences. I don't have the answers behind why the terminology is so similar or why there's slight overlap between the two.

I thought I'd leave you with a few links to learn how this is set up:

App Registration

Integrating an Enterprise application

And with that, I hope this post has helped you make sense of certain terminology within the land of Azure Active Directory!

Recent Posts

See All

2 comentarios

Think Big
Think Big
17 oct 2022

Great article! But looks like you pasted it from here (with a clever bit of parapharsing):

Me gusta

Dennis Nguyen
Dennis Nguyen
21 dic 2021

Thanks for clarifying!

Me gusta
bottom of page