App Registrations vs Enterprise Applications in Azure AD - Certificate Significance

TechUser2020-6505 256 Reputation points
2021-05-11T12:34:24.94+00:00

Hi,
We're regularly asked to create app registrations and Enterprise Apps in Azure AD. I'm still not clear on the distinction between the 2, other than Enterprise applications are "global" apps create in another tenant and made available across multiple tenants/customers.

My question is why do enterprise applications require a SAML response signing certificate whereas App registrations don't?

Is this a security concern I should be concerned about?

Thanks

Microsoft Security | Microsoft Entra | Microsoft Entra ID
0 comments No comments
{count} votes

Accepted answer
  1. Marilee Turscak-MSFT 37,206 Reputation points Microsoft Employee Moderator
    2021-05-11T21:20:54.983+00:00

    Hi @TechUser2020-6505 ,

    I recently wrote a blog post about this question.

    The App Registration is the actual application object where you configure application settings. The Enterprise Application (or Service Principal object) is a representation (or instantiation) of the application within a directory. It acquires the settings from the application object and is used to grant consent to resources. The Application IDs for both resources are the same because they point to the same application, but the Object IDs are different because they have slightly different purposes.

    Apps registered through "App registration" are already configured for OpenID Connect (OIDC) and OAuth by default (instead of SAML). With apps registered through the "Enterprise applications" area of Azure AD the SSO option appears because the implementation of that app for the gallery could include different standards and options to choose (such as SAML, Linked, Disabled, Password). See related thread here.

    Let me know if this helps.

    2 people found this answer helpful.
    0 comments No comments

1 additional answer

Sort by: Most helpful
  1. TechUser2020-6505 256 Reputation points
    2021-05-12T09:14:19.58+00:00

    Thanks, very helpful answer!

    1 person found this answer helpful.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.