What does the "Users can add gallery apps to their Access Panel" setting mean?

Occasional Contributor

Hi,

 

can someone explain what the "Users can add gallery apps to their Access Panel" setting mean?

2020-05-04 15_07_57-Enterprise applications _ User settings - Microsoft Azure.png

https://portal.azure.com/#blade/Microsoft_AAD_IAM/StartboardApplicationsMenuBlade/UserSettings/menuI...

 

Unfortunately I cannot find any understandable documentation :(

Turning on and off has no effect in the access panel of my users?

2020-05-04 15_16_09-Zugriffspanel – Anwendungen.png

 

Thanks for all understandable explanations :)

Jens

5 Replies

Did you check the tooltip?

If this option is set to yes, then users may add any app which supports password single-sign on to appear in their Access Panel, without an admin needing to pre-integrate that application.
If this option is set to no, then admins must manually integrate these applications in order for users to see them on their Access Panels.


Since app might not support login with the current user credentials, such app will appear "broken" when added to the Access panel/MyApps page. More details here: https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/configure-password-single-sign-o...

Hi @Vasil Michev,

But of course I read the tooltip, but unfortunately I did not understand it ;) 

I'm not quite sure what this setting looks like from an end-user perspective. 
Where can a user add SSO apps in his Access panel/MyApps if the setting is set to "yes"? Is see no option, and it is ever probably not meant that the user has the possibility to log in with his O365 account e.g. at Doodle? That's what the "

Users can consent to apps accessing company data on their behalf" setting is for.
2020-05-05 08_19_35-My Apps.png

 

And I'm not sure what the phrase "...without an admin needing to pre-integrate that application..." means.

 

Bye

Jens

 

This is for apps to which you cannot login directly, but have to provide username/password instead, separate from your Azure AD credentials. The usual example is something like accessing company's Twitter account - you need to configure the set of credentials first, and this is where the admin comes in. It has nothing to do with consent, that's separate control. Read the article I linked to above, it should hopefully make things a bit clearer.

HI @Vasil Michev,

Thanks for your patience. But I still don't get it. How can a user add an app to his Acces Panel without an admin having to pre-integrate the app? For me, pre-integration means that the app has to be assigned to a user

2020-05-05 16_11_34-Doodle AG _ Users and groups - Microsoft Azure.png

and has to be made visible to the user

2020-05-05 16_12_36-Doodle AG _ Properties - Microsoft Azure.png

Or does it all have something to do with the self-service functionality?

2020-05-05 16_15_42-Doodle AG _ Properties - Microsoft Azure.png

Integration here means setting up the credentials to be used by the app.