How to get AppSource Certified for Azure Active Directory
Warning
This content is for the older Azure AD v1.0 endpoint. Use the Microsoft identity platform for new projects.
Microsoft AppSource is a destination for business users to discover, try, and manage line-of-business SaaS applications (standalone SaaS and add-on to existing Microsoft SaaS products).
To list a standalone SaaS application on AppSource, your application must accept single sign-on from work accounts from any company or organization that has Azure Active Directory (Azure AD). The sign-in process must use the OpenID Connect or OAuth 2.0 protocols. SAML integration is not accepted for AppSource certification.
Guides and code samples
If you want to learn about how to integrate your application with Azure AD using Open ID connect, follow our guides and code samples in the Azure Active Directory developer's guide.
Multi-tenant applications
A multi-tenant application is an application that accepts sign-ins from users from any company or organization that have Azure AD without requiring a separate instance, configuration, or deployment. AppSource recommends that applications implement multi-tenancy to enable the single-click free trial experience.
To enable multi-tenancy on your application, follow these steps:
- Set
Multi-Tenanted
property toYes
on your application registration's information in the Azure portal. By default, applications created in the Azure portal are configured as single-tenant. - Update your code to send requests to the
common
endpoint. To do this, update the endpoint fromhttps://login.microsoftonline.com/{yourtenant}
tohttps://login.microsoftonline.com/common*
. - For some platforms, like ASP.NET, you need also to update your code to accept multiple issuers.
For more information about multi-tenancy, see How to sign in any Azure Active Directory (Azure AD) user using the multi-tenant application pattern.
Single-tenant applications
A single-tenant application is an application that only accepts sign-ins from users of a defined Azure AD instance. External users (including work or school accounts from other organizations, or personal accounts) can sign in to a single-tenant application after adding each user as a guest account to the Azure AD instance that the application is registered.
You can add users as guest accounts to Azure AD through the Azure AD B2B collaboration and you can do this programmatically. When using B2B, users can create a self-service portal that does not require an invitation to sign in. For more info, see Self-service portal for Azure AD B2B collaboration sign-up.
Single-tenant applications can enable the Contact Me experience, but if you want to enable the single-click/free trial experience that AppSource recommends, enable multi-tenancy on your application instead.
AppSource trial experiences
Free trial (customer-led trial experience)
The customer-led trial is the experience that AppSource recommends as it offers a single-click access to your application. The following example shows what this experience looks like:
1.
|
2.
|
3.
|
4.
|
5.
|
Contact me (partner-led trial experience)
You can use the partner trial experience when a manual or a long-term operation needs to happen to provision the user/company--for example, your application needs to provision virtual machines, database instances, or operations that take much time to complete. In this case, after the user selects the Request Trial button and fills out a form, AppSource sends you the user's contact information. When you receive this information, you then provision the environment and send the instructions to the user on how to access the trial experience:
1.
|
2.
|
3.
|
||||||
4.
|
5.
|
6.
|
More information
For more information about the AppSource trial experience, see this video.
Next Steps
- For more information on building applications that support Azure AD sign-ins, see Authentication scenarios for Azure AD.
- For information on how to list your SaaS application in AppSource, go see AppSource Partner Information
Get support
For Azure AD integration, we use Microsoft Q&A with the community to provide support.
We highly recommend you ask your questions on Microsoft Q&A first and browse existing issues to see if someone has asked your question before. Make sure that your questions or comments are tagged with [azure-active-directory]
.
Use the following comments section to provide feedback and help us refine and shape our content.