Mar 30 2017
02:02 PM
- last edited on
Jan 14 2022
05:33 PM
by
TechCommunityAP
Mar 30 2017
02:02 PM
- last edited on
Jan 14 2022
05:33 PM
by
TechCommunityAP
A v2 endpoint to AAD is available as described on https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-limitations
with the advantage of supporting both MSA and AAD as idP.
When you want to register an app using this endpoint you need to register the app outside Azure on https://apps.dev.microsoft.com/
What was strange to me was that for the v1, the registration is on tenant level, while the v2 is registered on a (personal) account level. I suppose this is to support apps developed outside a particular tenant? How should this be managed exactly? The owner of the account used to register the app can leave the company, there is no overview of these apps on our tenant to manage these apps? Or am I missing something?
Thanks!
Mar 31 2017 08:29 PM
SolutionCan you just create a service account in Azure AD - as in an account that's called what it's for - and use that in the endpoint config? Then you don't need to worry if someone leaves, or if it's an on prem account synced across, that ADFS might be down and unable to support auth?
Apr 01 2017 02:07 AM
Thanks, a service account will do indeed!
It was a bit confusing to me that this registration of v2 endpoint is done in a completely different way, in another portal.
Mar 31 2017 08:29 PM
SolutionCan you just create a service account in Azure AD - as in an account that's called what it's for - and use that in the endpoint config? Then you don't need to worry if someone leaves, or if it's an on prem account synced across, that ADFS might be down and unable to support auth?