App Registration in Microsoft Entra ID

Ebrahim Abdalla 40 Reputation points
2024-01-16T08:41:50.8333333+00:00

I am facing a challenge in registering an app within a smaller group, as obtaining Application Permissions within my company is not feasible. Do you have any tips or experiences on this matter? I am seeking advice and alternatives to successfully complete the registration process. Thank you in advance for your support! Best regards, Ebrahim

Microsoft Entra ID

Accepted answer
  1. Michael Morten Sonne 595 Reputation points MVP
    2024-01-16T08:49:20.2866667+00:00

    Hi Ebrahim,

    If you're facing challenges obtaining application permissions within your company, there are a few strategies you can consider to navigate this situation. But I understand the issue from both sides, too.
    Keep in mind that these suggestions may vary based on your organization's policies and security protocols, so it's essential to comply with internal guidelines.

    • Engage with IT or Security Teams: Schedule a meeting with your IT or security teams to discuss the specific requirements and reasons for needing app permissions. This can help you better understand the constraints and work together to find a solution.
    • Provide a Detailed Justification: Clearly outline why the app needs certain permissions and how it aligns with the organization's goals. Emphasize the benefits and potential improvements it can bring to the workflow or productivity.
    • Test Environment: Consider setting up a test environment where you can demonstrate the app's functionality without posing any risk to the production environment. This may alleviate concerns about security risks during the testing phase.
    • Limited Scope: If possible, request permissions for a limited scope initially. This could involve starting with read-only access or specific actions that are less intrusive. Once trust is established, it might be easier to expand permissions gradually.

    Hope that can help you on the right way.

1 additional answer

  1. Givary-MSFT 35,216 Reputation points Microsoft Employee
    2024-01-17T09:16:51.34+00:00

    @Ebrahim Abdalla Adding to the above answer, if obtaining application permissions within your company is not feasible, you may want to consider using a delegated app management role in Azure AD. This allows you to delegate app management tasks without assigning the Global Administrator role.

    The new roles and capabilities are:

    • Application Administrator: Grants the ability to manage all aspects of all apps, including registration, SSO settings, app assignments and licensing, App proxy settings, and consent (except to Azure AD resources).
    • Cloud Application Administrator: Grants all of the Application Administrator abilities, except for App proxy because it doesn't provide on-premises access.
    • Application Developer: Grants the ability to create app registrations, even if the "allow users to register apps" option is turned off.

    You can assign these roles to specific users or groups of users, allowing them to manage app registrations without requiring Global Administrator permissions. To assign these roles, you need to sign in to your Azure AD organization with an account that is eligible for the Global Administrator role in your Azure AD organization. Then, you can set the appropriate permissions for the users or groups of users that need to manage app registrations.

    Regarding the app registration process in Entra ID, I would need more information to provide specific advice. However, the general process for registering an app in Azure AD should be similar regardless of the identity provider. You can follow the steps outlined in the Azure AD documentation to register your app and configure its settings.

    I hope this helps! Let me know if you have any further questions.

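The role delegation described in the answer above, sketched with the Microsoft Graph PowerShell SDK as an added example (not code from either answer): it assigns the least-privileged of the three roles, Application Developer, to one user and then lists every holder of the three roles so the delegation can be reviewed. It assumes the Microsoft.Graph module is installed and that it is run by an administrator allowed to assign directory roles; the user principal name is a constructed placeholder.

```powershell
# Added example. Assumptions: Microsoft.Graph PowerShell module installed;
# the signed-in admin can manage directory role assignments.
$upn      = 'dev.user@contoso.example'   # constructed placeholder UPN
$roleName = 'Application Developer'      # least-privileged role named in the answer
$reviewed = 'Application Administrator',
            'Cloud Application Administrator',
            'Application Developer'

Connect-MgGraph -Scopes 'RoleManagement.ReadWrite.Directory', 'User.Read.All'

# Resolve the user and the built-in role definition by display name.
$user = Get-MgUser -UserId $upn -ErrorAction Stop
$role = Get-MgRoleManagementDirectoryRoleDefinition -Filter "displayName eq '$roleName'"
if (-not $role) { throw "Role definition '$roleName' not found." }

# Idempotent assignment: create it only if the user does not already hold the role.
$held = Get-MgRoleManagementDirectoryRoleAssignment -Filter "principalId eq '$($user.Id)'" -All |
    Where-Object { $_.RoleDefinitionId -eq $role.Id }

if ($held) {
    Write-Output "$upn already holds '$roleName'; nothing to do."
}
else {
    # '/' is the tenant-wide directory scope.
    New-MgRoleManagementDirectoryRoleAssignment -PrincipalId $user.Id `
        -RoleDefinitionId $role.Id -DirectoryScopeId '/' | Out-Null
    Write-Output "Assigned '$roleName' to $upn."
}

# Review step: list who holds each of the three app-management roles and at what scope,
# so over-broad delegation (for example, many Application Administrators) is visible.
$report = foreach ($name in $reviewed) {
    $def = Get-MgRoleManagementDirectoryRoleDefinition -Filter "displayName eq '$name'"
    Get-MgRoleManagementDirectoryRoleAssignment -Filter "roleDefinitionId eq '$($def.Id)'" -All |
        ForEach-Object {
            [pscustomobject]@{
                Role        = $name
                PrincipalId = $_.PrincipalId
                Scope       = $_.DirectoryScopeId
            }
        }
}
$report | Sort-Object Role | Format-Table -AutoSize
```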
