Share via

How to get AppSource Certified for Azure Active Directory

  • Article

Warning

This content is for the older Azure AD v1.0 endpoint. Use the Microsoft identity platform for new projects.

Microsoft AppSource is a destination for business users to discover, try, and manage line-of-business SaaS applications (standalone SaaS and add-on to existing Microsoft SaaS products).

To list a standalone SaaS application on AppSource, your application must accept single sign-on from work accounts from any company or organization that has Azure Active Directory (Azure AD). The sign-in process must use the OpenID Connect or OAuth 2.0 protocols. SAML integration is not accepted for AppSource certification.

Guides and code samples

If you want to learn about how to integrate your application with Azure AD using Open ID connect, follow our guides and code samples in the Azure Active Directory developer's guide.

Multi-tenant applications

A multi-tenant application is an application that accepts sign-ins from users from any company or organization that have Azure AD without requiring a separate instance, configuration, or deployment. AppSource recommends that applications implement multi-tenancy to enable the single-click free trial experience.

To enable multi-tenancy on your application, follow these steps:

  1. Set Multi-Tenanted property to Yes on your application registration's information in the Azure portal. By default, applications created in the Azure portal are configured as single-tenant.
  2. Update your code to send requests to the common endpoint. To do this, update the endpoint from https://login.microsoftonline.com/{yourtenant} to https://login.microsoftonline.com/common*.
  3. For some platforms, like ASP.NET, you need also to update your code to accept multiple issuers.

For more information about multi-tenancy, see How to sign in any Azure Active Directory (Azure AD) user using the multi-tenant application pattern.

Single-tenant applications

A single-tenant application is an application that only accepts sign-ins from users of a defined Azure AD instance. External users (including work or school accounts from other organizations, or personal accounts) can sign in to a single-tenant application after adding each user as a guest account to the Azure AD instance that the application is registered.

You can add users as guest accounts to Azure AD through the Azure AD B2B collaboration and you can do this programmatically. When using B2B, users can create a self-service portal that does not require an invitation to sign in. For more info, see Self-service portal for Azure AD B2B collaboration sign-up.

Single-tenant applications can enable the Contact Me experience, but if you want to enable the single-click/free trial experience that AppSource recommends, enable multi-tenancy on your application instead.

AppSource trial experiences

Free trial (customer-led trial experience)

The customer-led trial is the experience that AppSource recommends as it offers a single-click access to your application. The following example shows what this experience looks like:

1.
Shows Free trial for customer-led trial experience.
  • User finds your application in AppSource Web Site
  • Selects 'Free trial' option
 2.
Shows how user is redirected to a URL in your web site.
  • AppSource redirects user to a URL in your web site
  • Your web site starts the single-sign-on process automatically (on page load)
 3.
Shows the Microsoft sign-in page.
  • User is redirected to Microsoft Sign-in page
  • User provides credentials to sign in
4.
Example: Consent page for an application.
  • User gives consent for your application
 5.
Shows the experience the user sees when redirected back to your site.
  • Sign-in completes and user is redirected back to your web site
  • User starts the free trial

Contact me (partner-led trial experience)

You can use the partner trial experience when a manual or a long-term operation needs to happen to provision the user/company--for example, your application needs to provision virtual machines, database instances, or operations that take much time to complete. In this case, after the user selects the Request Trial button and fills out a form, AppSource sends you the user's contact information. When you receive this information, you then provision the environment and send the instructions to the user on how to access the trial experience:

1.
Shows Contact me for partner-led trial experience
  • User finds your application in AppSource web site
  • Selects 'Contact Me' option
 2.
Shows an example form with contact info
  • Fills out a form with contact information
 3.

Shows placeholder for user information You receive user information
Shows placeholder for setup environment info Setup environment
Shows placeholder for trial info Contact user with trial info


  • You receive user's information and setup trial instance
  • You send the hyperlink to access your application to the user
4.
Shows the application sign-in screen
  • User accesses your application and complete the single-sign-on process
 5.
Shows an example consent page for an application
  • User gives consent for your application
 6.
Shows the experience the user sees when redirected back to your site
  • Sign-in completes and user is redirected back to your web site
  • User starts the free trial

More information

For more information about the AppSource trial experience, see this video.

Next Steps

Get support

For Azure AD integration, we use Microsoft Q&A with the community to provide support.

We highly recommend you ask your questions on Microsoft Q&A first and browse existing issues to see if someone has asked your question before. Make sure that your questions or comments are tagged with [azure-active-directory].

Use the following comments section to provide feedback and help us refine and shape our content.