Quickstart: Add an application to your Azure Active Directory tenant

Azure Active Directory (Azure AD) has a gallery that contains thousands of pre-integrated applications. Some of the applications your organization uses are probably in the gallery. This quickstart uses the Azure portal to add a gallery application to your Azure Active Directory (Azure AD) tenant.

After an application is added to your Azure AD tenant, you can:

  • Manage user access to the application with a Conditional Access policy.
  • Configure users to single sign-on to the application with their Azure AD accounts.

Before you begin

To add an application to your tenant, you need:

  • An Azure AD subscription
  • A single sign-on enabled subscription for your application

Sign in to the Azure portal as a global admin for your Azure AD tenant, a cloud application admin, or an application admin.

To test the steps in this tutorial, we recommend using a non-production environment. If you don't have an Azure AD non-production environment, you can get a one-month trial.

Add an application to your Azure AD tenant

To add a gallery application to your Azure AD tenant:

  1. In the Azure portal, on the left navigation panel, select Azure Active Directory.

  2. In the Azure Active Directory pane, select Enterprise applications. The All applications pane opens and displays a random sample of the applications in your Azure AD tenant.

  3. To add a gallery app to your tenant, select New application.

    Select New application to add a gallery app to your tenant

  4. Switch to the new gallery preview experience: In the banner at the top of the Add an application page, select the link that says Click here to try out the new and improved app gallery.

  5. The Browse Azure AD Gallery (Preview) pane opens and displays tiles for cloud platforms, on-premises applications, and featured applications. Note that the applications listed in the Featured applications section have icons indicating whether they support federated single sign-on (SSO) and provisioning.

    Search for an app by name or category

  6. You can browse the gallery for the application you want to add, or search for the application by entering its name in the search box. Then select the application from the results. In the form, you can edit the name of the application to match the needs of your organization. In this example we've changed the name to GitHub-test.

    Shows how to add an application from the gallery

  7. Select Create. A getting started page appears with the options for configuring the application for your organization.

You've finished adding your application. The next sections show you how to change the logo and edit other properties for your application.

Find your Azure AD tenant application

Let's assume you had to leave and now you're returning to continue configuring your application. The first thing to do is find your application.

  1. In the Azure portal, on the left navigation panel, select Azure Active Directory.

  2. In the Azure Active Directory pane, select Enterprise applications.

  3. From the Application Type drop-down menu, select All Applications, and then select Apply. To learn more about the viewing options, see View tenant applications.

  4. You can now see a list of all the applications in your Azure AD tenant. The list is a random sample. To see more applications, select Show more one or more times.

  5. To quickly find an application in your tenant, enter the application name in the search box and select Apply. This example finds the GitHub-test application added previously.

    Shows how to find an application using the search box

Configure user sign-in properties

Now that you've found the application, you can open it and configure application properties.

To edit the application properties:

  1. Select the application to open it.

  2. Select Properties to open the properties pane for editing.

    Shows the Properties screen and editable app properties

  3. Take a moment to understand the sign-in options. The options determine how users who are assigned or unassigned to the application can sign into the application. And, the options also determine if a user can see the application in the access panel.

    • Enabled for users to sign-in? determines whether users assigned to the application can sign in.
    • User assignment required? determines whether users who aren't assigned to the application can sign in.
    • Visible to users? determines whether users assigned to an app can see it in the access panel and O365 launcher.
  4. Use the following tables to help you choose the best options for your needs.

    • Behavior for assigned users:

      Application property settings Assigned-user experience
      Enabled for users to sign-in? User assignment required? Visible to users? Can assigned users sign in? Can assigned users see the application?*
      yes yes yes yes yes
      yes yes no yes no
      yes no yes yes yes
      yes no no yes no
      no yes yes no no
      no yes no no no
      no no yes no no
      no no no no no
    • Behavior for unassigned users:

      Application property settings Unassigned-user experience
      Enabled for users to sign in? User assignment required? Visible to users? Can unassigned users sign in? Can unassigned users see the application?*
      yes yes yes no no
      yes yes no no no
      yes no yes yes no
      yes no no yes no
      no yes yes no no
      no yes no no no
      no no yes no no
      no no no no no

      *Can the user see the application in the access panel and the Office 365 app launcher?

To use a custom logo:

  1. Create a logo that is 215 by 215 pixels, and save it in PNG format.

  2. Since you've already found your application, select the application.

  3. In the left pane, select Properties.

  4. Upload the logo.

  5. When you're finished, select Save.

    Shows how to change the logo from the app's Properties page

    Note

    The thumbnail displayed on this Properties pane doesn't update right away. You can close and reopen the properties to see the updated icon.

Next steps

Now that you've added the application to your Azure AD organization, choose a single sign-on method you want to use and refer to the appropriate article below: