I wanted to know that how many users and groups we can assign to an enterprise application in Entra ID.

Sujeet Kumar Singh 0 Reputation points
2025-01-21T15:28:46.59+00:00

Hello
I wanted to know that how many users and groups we can assign to an enterprise application in Entra ID.

Also what is the limitation of groups to be synced from entra id to the app if SCIM is enabled for it.

Thanks

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
23,147 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Danny Zollner 10,571 Reputation points Microsoft Employee
    2025-01-21T16:18:46.8366667+00:00

    https://learn.microsoft.com/en-us/entra/identity/users/directory-service-limits-restrictions

    Most relevant from that is, under the Applications section:

    A user, group, or service principal can have a maximum of 1,500 app role assignments. The limitation is on the assigned service principal, user, or group across all app roles and not on the number of assignments of a single app role. This limit includes app role assignments where the resource service principal has been soft-deleted.

    which means that any single object can be directly assigned to a maximum of 1,500 app role assignments (Users and Groups blade on an Enterprise Application). In the service limits article, I don't see mention of a limit on the maximum number of app role assignments that a single application can have linked to it, which matches my understanding that there is not a limit.

    For SCIM provisioning of group objects, there is no limit from Entra's end on the number of group objects that can be provisioned into an application.

    0 comments No comments

  2. Sakshi Devkante 575 Reputation points Microsoft Vendor
    2025-01-21T17:24:20.4733333+00:00

    Hello @Sujeet Kumar Singh

    Thank you for posting your query on Microsoft Q&A.

    We've confirmed that there's No Limit on the number of users or groups you can assign to an application. Take our Microsoft tenant as an example – we've got apps with thousands of users assigned to them.

    You can check in this document: Service limits and restrictions - Azure Active Directory | Microsoft Learn.

    https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/assign-user-or-group-access-portal?pivots=portal

    I hope this clarifies things. Please contact us if you have any additional questions.If this answers your query, do click Accept Answer and Yes for "Was this answer helpful". And, if you have any further query do let us know.

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    Best regards,

    Sakshi Devkante


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.