Add an unlisted (non-gallery) application to your Azure AD organization
In addition to the choices in the Azure AD application gallery, you have the option to add a non-gallery application. You can add any application that already exists in your organization, or any third-party application from a vendor who is not already part of the Azure AD gallery. Depending on your license agreement, the following capabilities are available:
- Self-service integration of any application that supports Security Assertion Markup Language (SAML) 2.0 identity providers (SP-initiated or IdP-initiated)
- Self-service integration of any web application that has an HTML-based sign-in page using password-based SSO
- Self-service connection of applications that use the System for Cross-Domain Identity Management (SCIM) protocol for user provisioning
- Ability to add links to any application in the Office 365 app launcher or the Azure AD access panel
This article describes how to add a non-gallery application to Enterprise Applications in the Azure portal without writing code. If instead you're looking for developer guidance on how to integrate custom apps with Azure AD, see Authentication Scenarios for Azure AD. When you develop an app that uses a modern protocol like OpenId Connect/OAuth to authenticate users, you can register it with the Microsoft identity platform by using the App registrations experience in the Azure portal.
Add a non-gallery application
Sign in to the Azure Active Directory portal using your Microsoft identity platform administrator account.
Select Enterprise Applications > New application.
(Optional but recommended) In the Add from the gallery search box, enter the display name of the application. If the application appears in the search results, select it and skip the rest of this procedure.
Select Non-gallery application. The Add your own application page appears.
Enter the display name for your new application.
Select Add. The application Overview page opens.
Configure user sign-in properties
Select Properties to open the properties pane for editing.
Set the following options to determine how users who are assigned or unassigned to the application can sign into the application and if a user can see the application in the access panel.
Enabled for users to sign-in determines whether users assigned to the application can sign in.
User assignment required determines whether users who aren't assigned to the application can sign in.
Visible to user determines whether users assigned to an app can see it in the access panel and O365 launcher.
Behavior for assigned users:
Application property settings Assigned-user experience Enabled for users to sign-in? User assignment required? Visible to users? Can assigned users sign in? Can assigned users see the application?* yes yes yes yes yes yes yes no yes no yes no yes yes yes yes no no yes no no yes yes no no no yes no no no no no yes no no no no no no no
Behavior for unassigned users:
Application property settings Unassigned-user experience Enabled for users to sign in? User assignment required? Visible to users? Can unassigned users sign in? Can unassigned users see the application?* yes yes yes no no yes yes no no no yes no yes yes no yes no no yes no no yes yes no no no yes no no no no no yes no no no no no no no
*Can the user see the application in the access panel and the Office 365 app launcher?
To use a custom logo, create a logo that is 215 by 215 pixels, and save it in PNG format. Then browse to your logo and upload it.
When you're finished, select Save.
Now that you've added the application to your Azure AD organization, choose a single sign-on method you want to use and refer to the appropriate article below: