Validation differences by supported account types (signInAudience)
When registering an application with the Microsoft identity platform for developers, you're asked to select which account types your application supports. In the application object and manifest, this property is signInAudience.
The options include the following values:
- AzureADMyOrg: Only accounts in the organizational directory where the app is registered (single-tenant).
- AzureADMultipleOrgs: Accounts in any organizational directory (multi-tenant).
- AzureADandPersonalMicrosoftAccount: Accounts in any organizational directory (multi-tenant) and personal Microsoft accounts (for example, Skype, Xbox, and Outlook.com).
For registered applications, you can find the value for supported account types in the Authentication section of an application. You can also find it under the signInAudience property in the Manifest.
The value you select for this property affects other app object properties. As a result, if you change this property, you may need to change other properties first.
See the following table for the validation differences of various properties for different supported account types.
Property | AzureADMyOrg | AzureADMultipleOrgs | AzureADandPersonalMicrosoftAccount and PersonalMicrosoftAccount |
---|---|---|---|
Application ID URI (identifierURIs) | Must be unique in the tenant; urn:// schemes are supported; Wildcards aren't supported; Query strings and fragments are supported; Maximum length of 255 characters; No limit* on number of identifierURIs | Must be globally unique; urn:// schemes are supported; Wildcards aren't supported; Query strings and fragments are supported; Maximum length of 255 characters; No limit* on number of identifierURIs | Must be globally unique; urn:// schemes aren't supported; Wildcards, fragments, and query strings aren't supported; Maximum length of 120 characters; Maximum of 50 identifierURIs |
Certificates (keyCredentials) | Symmetric signing key | Symmetric signing key | Encryption and asymmetric signing key |
Client secrets (passwordCredentials) | No limit* | No limit* | If liveSDK is enabled: Maximum of two client secrets |
Redirect URIs (replyURLs) | See Redirect URI/reply URL restrictions and limitations for more info. | | |
API permissions (requiredResourceAccess) | No more than 50 APIs (resource apps) from the same tenant as the application, no more than 10 APIs from other tenants, and no more than 400 permissions total across all APIs. | No more than 50 APIs (resource apps) from the same tenant as the application, no more than 10 APIs from other tenants, and no more than 400 permissions total across all APIs. | Maximum of 50 resources per application and 30 permissions per resource (for example, Microsoft Graph). Total limit of 200 per application (resources x permissions). |
Scopes defined by this API (oauth2Permissions) | Maximum scope name length of 120 characters; No limit* on the number of scopes defined | Maximum scope name length of 120 characters; No limit* on the number of scopes defined | Maximum scope name length of 40 characters; Maximum of 100 scopes defined |
Authorized client applications (preAuthorizedApplications) | No limit* | No limit* | Total maximum of 500; Maximum of 100 client apps defined; Maximum of 30 scopes defined per client |
appRoles | Supported; No limit* | Supported; No limit* | Not supported |
Front-channel logout URL | https://localhost is allowed; http scheme isn't allowed; Maximum length of 255 characters | https://localhost is allowed; http scheme isn't allowed; Maximum length of 255 characters | https://localhost is allowed, http://localhost fails; http scheme isn't allowed; Maximum length of 255 characters; Wildcards aren't supported |
Display name | Maximum length of 120 characters | Maximum length of 120 characters | Maximum length of 90 characters |
Tags | Individual tag size must be between 1 and 256 characters (inclusive); No whitespaces or duplicate tags allowed; No limit* on number of tags | Individual tag size must be between 1 and 256 characters (inclusive); No whitespaces or duplicate tags allowed; No limit* on number of tags | Individual tag size must be between 1 and 256 characters (inclusive); No whitespaces or duplicate tags allowed; No limit* on number of tags |
* There's a global limit of about 1000 items across all the collection properties on the app object.
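Because a change of signInAudience can be rejected when other properties exceed the stricter limits, it helps to check a manifest against the target audience first. The following is an added example, not Microsoft's code: it applies the table's rules for identifierURIs, scopes, appRoles, and display name only, and the manifest key names it reads (`identifierUris`, `oauth2Permissions[].value`, `appRoles`, `name`) are assumptions about the manifest JSON.

```python
from urllib.parse import urlsplit

# Audiences that get the stricter column of the table above.
PERSONAL = {"AzureADandPersonalMicrosoftAccount", "PersonalMicrosoftAccount"}

def audience_violations(manifest, target):
    """List properties that break the table's rules for `target` signInAudience."""
    personal = target in PERSONAL
    problems = []
    uris = manifest.get("identifierUris", [])       # assumed manifest key name
    scopes = manifest.get("oauth2Permissions", [])  # assumed manifest key name
    for uri in uris:
        parts = urlsplit(uri)
        if len(uri) > (120 if personal else 255):
            problems.append(f"identifierUris: {uri!r} is too long")
        if "*" in uri:  # wildcards are rejected for every audience
            problems.append(f"identifierUris: wildcard in {uri!r}")
        if personal and parts.scheme.lower() == "urn":
            problems.append(f"identifierUris: urn scheme in {uri!r}")
        if personal and (parts.query or parts.fragment):
            problems.append(f"identifierUris: query or fragment in {uri!r}")
    if personal and len(uris) > 50:
        problems.append("identifierUris: more than 50 entries")
    for scope in scopes:
        name = scope.get("value", "")               # assumed field for scope name
        if len(name) > (40 if personal else 120):
            problems.append(f"oauth2Permissions: scope name {name!r} is too long")
    if personal and len(scopes) > 100:
        problems.append("oauth2Permissions: more than 100 scopes")
    if personal and manifest.get("appRoles"):
        problems.append("appRoles: not supported for this audience")
    if len(manifest.get("name", "")) > (90 if personal else 120):
        problems.append("name: display name is too long")
    return problems

# Constructed sample manifest fragment, valid as AzureADMyOrg.
SAMPLE = {
    "name": "Contoso Payroll API",
    "signInAudience": "AzureADMyOrg",
    "identifierUris": ["urn:contoso:payroll", "https://api.contoso.example/payroll?v=1"],
    "oauth2Permissions": [{"value": "Payroll.Read." + "x" * 40}],
    "appRoles": [{"value": "Payroll.Admin"}],
}

if __name__ == "__main__":
    for line in audience_violations(SAMPLE, "AzureADandPersonalMicrosoftAccount"):
        print(line)
```

Each reported item is a property to fix before switching the audience, which matches the note above that other properties may need to change first.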
Next steps
For more information about application registrations and their JSON manifest, see: