![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(96, 60%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ET6%3C/text%3E%3C/svg%3E)
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
21,913 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 81%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMT%3C/text%3E%3C/svg%3E)
Hi @TechUser2020-6505 ,
I recently wrote a blog post about this question.
The App Registration is the actual application object where you configure application settings. The Enterprise Application (or Service Principal object) is a representation (or instantiation) of the application within a directory. It acquires the settings from the application object and is used to grant consent to resources. The Application IDs for both resources are the same because they point to the same application, but the Object IDs are different because they have slightly different purposes.
Apps registered through "App registration" are already configured for OpenID Connect (OIDC) and OAuth by default (instead of SAML). With apps registered through the "Enterprise applications" area of Azure AD the SSO option appears because the implementation of that app for the gallery could include different standards and options to choose (such as SAML, Linked, Disabled, Password). See related thread here.
Let me know if this helps.