App Registration for Managed Application

Riccardo Sacchetto 0 Reputation points

Good morning.

I'm currently trying to create an application designed to run natively on Azure App Service leveraging a PostgreSQL Flexible Server, using Entra ID for authentication (with OAuth2) and relying on the Graph API to interact (through application permissions) with Teams and Sharepoint.

My final objective is to create a Managed Application that, once listed in the Commercial Marketplace, can be freely downloaded by whoever wants to install in on their Tenant.

The problem I'm trying to solve, in fact, regards exactly this last point: if I want the application to be installable in an arbitrary Tenant, I need to fully automate its deployment.

The creation of Azure resources is - obviously - straightforward: using a Bicep template I can easily deploy the App Service, Database and Virtual Network needed to link them. With the App Registration needed to use OAuth2 and the Graph API, however, there seems to be nothing I can do: the ARM template itself can't create it as it resides in Entra and have nothing to do with Azure Resources, and all the guides that teach how to work around this issue with Deployment Scripts (like this QuickStart template) assume that I have prior access to the target Tenant to create a User Assigned Managed Identity via PowerShell, but this is not the case!

So my question is: what is the best practice to deal with this situation? I can obviously create a multitenant registration in my Tenant and then bundle the secrets in the installations making them Publisher-managed and restricting the Customer access, but it doesn't feel quite secure...

Thank you in advance to anyone who will dedicate some time to share some advice.

Azure Active Directory
Azure Active Directory
An Azure enterprise identity service that provides single sign-on and multi-factor authentication.
16,609 questions
Azure Managed Applications
Azure Managed Applications
An Azure service that enables managed service providers, independent software vendors, and enterprise IT teams to deliver turnkey solutions through the Azure Marketplace or service catalog.
93 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Konstantinos Passadis 11,936 Reputation points

    Hello @Riccardo Sacchetto !

    Welcome to Microsoft QnA!

    I understand your issue to be able to provide your APP the ability to be installed from Multiple Tenants

    There is a specific link that points to Azure Managed Applications and all the steps required to do that :



    I believe you will find everything you need there !

    You most probably need to make the App able for Multi-Tenancy when registered , but this is just a small detail

    I hope this helps !

    Kindly mark the Answer as Accepted and upvote or post your feedback to provide additional help !

    Regards !