App registration - App roles.

Malvaro 105 Reputation points
2023-05-04T13:54:55.82+00:00

Good afternoon,

In the current project I am working on, we decided to use App roles in several App registrations to configure different "permissions" for each user, assigning them using the Enterprise Applications section.

Reading the Azure documentation I have seen the following restrictions (directory-service-limits-restrictions); however, when I tried to add more than 1000 App roles to an "App registration" I got a manifest exception: "Exceeded manifest limit size".

So, talking about the production environment, which will have 5 App registrations, 1000 App roles per App registration and 180k users per App registration with around 400 roles in the JWT token, I have 2 questions.

  • Could it fail in the future if I add other fields in the manifest?
  • Could AAD manage the Prd environment without problems?

Cheers,

Thanks a lot for your help.

Moisés.  


Accepted answer
  1. Shweta Mathur 29,756 Reputation points Microsoft Employee
    2023-05-08T13:40:18.7633333+00:00

    Hi @Malvaro ,

    Thanks for reaching out.

    As mentioned in the document, a maximum of 1,200 entries can be added to the application manifest.

    There's a global limit of about 1000 items across all the collection properties on the app object, which means all the collections such as appRoles, keyCredentials, knownClientApplications, identifierUris, redirectUris, requiredResourceAccess, and oauth2Permissions.

    So, after adding 1000 entries to the appRoles collection, the manifest won't allow you to add other collection objects.

    Answering your questions below:

    • Could it fail in the future if I add other fields in the manifest?

    It won't allow you to add other collections after 1000 entries, or more than 1200 entries in the application manifest, and adding more fields could potentially cause it to exceed this limit and fail.

    • Could AAD manage the Prd environment without problems?

    Based on the limits and restrictions listed in the documentation you will be able to run your application without any problem.

    However, it is always recommended to test your application thoroughly before deploying it to production to ensure that it can handle the expected workload.

    Hope this will help.

    Thanks,

    Shweta


    Please remember to "Accept Answer" if answer helped you.

    1 person found this answer helpful.
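As an added example (not code from the question or the answer), the following Python check counts the collections the answer names in an exported app manifest and reports how much headroom remains under the roughly 1000-item global limit before more app roles are added. The manifest builder is a constructed sample, the limit constant is the figure quoted in the answer, and `COUNTED_COLLECTIONS` is assumed to be the full set of collections that share the limit.

```python
import uuid

# Collections the accepted answer lists as sharing one global limit on the app object.
COUNTED_COLLECTIONS = (
    "appRoles", "keyCredentials", "knownClientApplications", "identifierUris",
    "redirectUris", "requiredResourceAccess", "oauth2Permissions",
)
COLLECTION_LIMIT = 1000  # "about 1000 items across all the collection properties"


def count_collections(manifest: dict) -> dict:
    """Count top-level entries in each limited collection of a manifest dict."""
    counts = {name: len(manifest.get(name) or []) for name in COUNTED_COLLECTIONS}
    counts["total"] = sum(counts[name] for name in COUNTED_COLLECTIONS)
    return counts


def check_headroom(manifest: dict, planned_additions: int = 0, warn_at: float = 0.9) -> dict:
    """Report whether the manifest, plus planned new entries, fits under the limit.

    Every entry is counted regardless of its isEnabled flag, since a disabled
    app role still occupies a slot in the collection.
    """
    counts = count_collections(manifest)
    projected = counts["total"] + planned_additions
    return {
        "current": counts["total"],
        "projected": projected,
        "remaining": COLLECTION_LIMIT - projected,
        "over_limit": projected > COLLECTION_LIMIT,
        "near_limit": projected >= int(COLLECTION_LIMIT * warn_at),
        "largest": max(COUNTED_COLLECTIONS, key=lambda n: counts[n]),
    }


def build_sample_manifest(role_count: int) -> dict:
    """Constructed stand-in for a manifest exported from the portal's Manifest blade."""
    roles = [
        {"allowedMemberTypes": ["User"], "displayName": f"Role {i}",
         "id": str(uuid.UUID(int=i)), "isEnabled": True, "value": f"role.{i}"}
        for i in range(role_count)
    ]
    return {
        "appRoles": roles,
        "keyCredentials": [{"keyId": "placeholder-key-id", "type": "AsymmetricX509Cert"}],
        "identifierUris": ["api://example-app"],
        "redirectUris": ["https://app.example.test/signin-oidc"],
        "requiredResourceAccess": [{"resourceAppId": "placeholder-resource", "resourceAccess": []}],
    }
```

To check a real app registration, load the downloaded manifest with `json.load` and pass it to `check_headroom` with the number of roles you intend to add; an `over_limit` result predicts the "Exceeded manifest limit size" failure before you hit it in the portal.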
