Web app that signs in users - app registration

This page explains the app registration specifics for a web app that signs-in users.

To register your application, you can use:

  • The web app quickstarts - In addition to being a great first experience with creating an application, quickstarts in the Azure portal contain a button named Make this change for me. You can use this button to set the properties you need, even for an existing app. You'll need to adapt the values of these properties to your own case. In particular, the web API URL for your app is probably going to be different from the proposed default, which will also impact the sign-out URI.
  • The Azure portal to register your application manually
  • PowerShell and command-line tools

Register an app using the QuickStarts

If you navigate to this link, you can create bootstrap the creation of your web application:

Register an app using Azure portal


the portal to use is different depending on if your application runs in the Microsoft Azure public cloud or in a national or sovereign cloud. For more information, see National Clouds

  1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account. Alternatively, sign in to the national cloud Azure portal of choice.
  2. If your account gives you access to more than one tenant, select your account in the top-right corner, and set your portal session to the desired Azure AD tenant.
  3. In the left-hand navigation pane, select the Azure Active Directory service, and then select App registrations > New registration.
  4. When the Register an application page appears, enter your application's registration information:
    1. choose the supported account types for your application (See Supported Account types)
    2. In the Name section, enter a meaningful application name that will be displayed to users of the app, for example AspNetCore-WebApp.
    3. In Redirect URI, add the type of application and the URI destination that will accept returned token responses after successfully authenticating. For example, https://localhost:44321/. Select Register.
  5. Select the Authentication menu, and then add the following information:
    1. In Reply URL, add https://localhost:44321/signin-oidc.
    2. In the Advanced settings section, set Logout URL to https://localhost:44321/signout-oidc.
    3. Under Implicit grant, check ID tokens.
    4. Select Save.

Register an app using PowerShell


Currently Azure AD PowerShell only creates applications with the following supported account types:

  • MyOrg (Accounts in this organizational directory only)
  • AnyOrg (Accounts in any organizational directory).

If you want to create an application that signs-in users with their personal Microsoft Accounts (e.g. Skype, XBox, Outlook.com), you can first create a multi-tenant application (Supported account types = Accounts in any organizational directory), and then change the signInAudience property in the application manifest from the Azure portal. This is explained in details in the step 1.3 of the ASP.NET Core tutorial (and can be generalized to web apps in any language).

Next steps