Forum Discussion

TheHailender's avatar
TheHailender
Brass Contributor
May 04, 2020

What does the "Users can add gallery apps to their Access Panel" setting mean?

Hi,

 

can someone explain what the "Users can add gallery apps to their Access Panel" setting mean?

https://portal.azure.com/#blade/Microsoft_AAD_IAM/StartboardApplicationsMenuBlade/UserSettings/menuId/

 

Unfortunately I cannot find any understandable documentation 😞

Turning on and off has no effect in the access panel of my users?

 

Thanks for all understandable explanations 🙂

Jens

  • Did you check the tooltip?

    If this option is set to yes, then users may add any app which supports password single-sign on to appear in their Access Panel, without an admin needing to pre-integrate that application.
    If this option is set to no, then admins must manually integrate these applications in order for users to see them on their Access Panels.


    Since app might not support login with the current user credentials, such app will appear "broken" when added to the Access panel/MyApps page. More details here: https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/configure-password-single-sign-on-non-gallery-applications

    • TheHailender's avatar
      TheHailender
      Brass Contributor

      Hi VasilMichev,

      But of course I read the tooltip, but unfortunately I did not understand it 😉 

      I'm not quite sure what this setting looks like from an end-user perspective. 
      Where can a user add SSO apps in his Access panel/MyApps if the setting is set to "yes"? Is see no option, and it is ever probably not meant that the user has the possibility to log in with his O365 account e.g. at Doodle? That's what the "

      Users can consent to apps accessing company data on their behalf" setting is for.

       

      And I'm not sure what the phrase "...without an admin needing to pre-integrate that application..." means.

       

      Bye

      Jens

       

      • VasilMichev's avatar
        VasilMichev
        MVP

        This is for apps to which you cannot login directly, but have to provide username/password instead, separate from your Azure AD credentials. The usual example is something like accessing company's Twitter account - you need to configure the set of credentials first, and this is where the admin comes in. It has nothing to do with consent, that's separate control. Read the article I linked to above, it should hopefully make things a bit clearer.

Resources