
Ibrahim S


Understanding App Registration vs Enterprise Application in Microsoft Entra ID

An App Registration is how you reserve your application and its URLs with Entra ID so that the app can communicate with Entra ID: it hooks up your reply URLs to the app and enables the Entra ID (AAD) services the app will use.

When you have an application that you are developing and want to integrate with Azure, you need to register your application in App Registrations, where you will configure your reply URL, logout URL, and API access if needed.

When you register your application, Entra ID assigns a unique Application ID to it and allows you to add certain capabilities such as credentials, permissions, and sign-ons.

The default settings allow only users from the tenant under which your app is registered to sign into your application.

The Enterprise Applications blade might be confused with App Registrations because the Enterprise Application blade contains the list of your service principals.

However, the term Enterprise App generally refers to applications published by other companies in the Entra ID gallery that can be used within your organization.

For example, if you want to integrate Facebook and manage SSO within your organization, you can integrate it from the Enterprise Applications dropdown in the applications blade.

Your own applications will also be represented in the Enterprise Applications blade as Service Principals, which are instantiations of your applications in the tenant.

Application objects - Although there are exceptions, application objects can be considered the definition of an application.

Service principals - Can be considered an instance of an application. Service principals generally reference an application object, and one application object can be referenced by multiple service principals across directories.

The Client ID is the app's unique identifier from the App Registration.

The Application Object is the blueprint created during App Registration.

The Service Principal is the Enterprise Application, the local version that is active in your tenant.

All three (Client ID, Application Object, and Service Principal) are created during the App Registration process—right after you register a new app in Azure Entra ID.

An App Registration (application) can be used for single- or multi-tenant purposes.

An App Registration (Application) on its own cannot really do anything.

After all, it is only a definition of the application. This is where the Enterprise Application (Service Principal) comes in.

Perhaps the “Service Principal” naming gives some more clarity, but this is an identity within a directory, which can only be given rights within the same directory.

The Enterprise Application (Service Principal) object is the instance of an app registration (application).

Unlike the App Registration (Application), an Enterprise Application (Service Principal) has to be present in the directory of every tenant where the application is active.

Creation and roles of the Client ID, Application Object, and Enterprise Application (Service Principal) in Azure Entra ID.
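As an added example (not part of the original post), the script below joins Graph-shaped application and servicePrincipal records on appId to show that the Client ID is shared while the object ids differ, and to flag Enterprise Applications whose application object does not live in this tenant. All records, names and GUIDs are constructed placeholders, not real tenant data.

```python
# Added example: correlate application objects (App Registrations) with
# service principals (Enterprise Applications) as Microsoft Graph returns them,
# joining on appId (the Client ID). All values below are CONSTRUCTED placeholders.
HOME_TENANT = "11111111-1111-1111-1111-111111111111"  # constructed tenant id

# Trimmed shape of GET /applications for this tenant (constructed)
APPLICATIONS = [
    {"id": "0a0a0a0a-0000-4000-8000-000000000001",     # object id of the app object
     "appId": "c1c1c1c1-0000-4000-8000-000000000001",  # Client ID
     "displayName": "Payroll API", "signInAudience": "AzureADMyOrg"},
]

# Trimmed shape of GET /servicePrincipals for this tenant (constructed)
SERVICE_PRINCIPALS = [
    {"id": "5a5a5a5a-0000-4000-8000-000000000001",     # SP object id: differs from the app object's id
     "appId": "c1c1c1c1-0000-4000-8000-000000000001",  # same Client ID as the app object above
     "displayName": "Payroll API", "appOwnerOrganizationId": HOME_TENANT},
    {"id": "5a5a5a5a-0000-4000-8000-000000000002",
     "appId": "c2c2c2c2-0000-4000-8000-000000000002",
     "displayName": "Facebook",  # gallery app: its application object lives in the publisher's directory
     "appOwnerOrganizationId": "99999999-9999-4999-8999-999999999999"},
    {"id": "5a5a5a5a-0000-4000-8000-000000000003",
     "appId": "c3c3c3c3-0000-4000-8000-000000000003",
     "displayName": "Legacy Script", "appOwnerOrganizationId": HOME_TENANT},
]


def classify_service_principals(applications, service_principals, home_tenant):
    """Map each SP object id to where its defining application object lives.

    A service principal carries the appId of the application object it
    instantiates, so the join key is appId, never the object id.
    """
    app_by_client_id = {app["appId"]: app for app in applications}
    verdicts = {}
    for sp in service_principals:
        if sp["appId"] in app_by_client_id:
            verdicts[sp["id"]] = "home"      # App Registration exists in this tenant
        elif sp.get("appOwnerOrganizationId") == home_tenant:
            verdicts[sp["id"]] = "orphaned"  # owned here, but no application object is visible
        else:
            verdicts[sp["id"]] = "foreign"   # multi-tenant/gallery app defined in another directory
    return verdicts


def enterprise_apps_without_local_registration(applications, service_principals, home_tenant):
    """Names of Enterprise Applications that cannot be edited under App Registrations here."""
    verdicts = classify_service_principals(applications, service_principals, home_tenant)
    return sorted(sp["displayName"] for sp in service_principals if verdicts[sp["id"]] != "home")
```

The "orphaned" verdict only says no application object was returned for that appId; with a real Graph call it can also mean the caller lacks permission to read applications.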
