Developer and administrator responsibilities for application registration, authorization, and access

As a developer creating applications in the Microsoft identity platform, you work with IT Professionals who have administrator privileges in Microsoft Entra ID to enable your applications to take full advantage of the Microsoft identity platform. Knowing what your IT Pros need from you and what you need from them helps you to streamline your zero trust development workflow.

Developers and IT Pros must work together

IT organizations are increasingly blocking apps with vulnerabilities. As IT departments embrace a Zero Trust approach, developers who don't provide applications that follow Zero Trust principles risk not having their apps adopted. Following Zero Trust principles can help ensure that your application is eligible for adoption in a Zero Trust environment.

App developers usually implement, evaluate, and validate aspects of Zero Trust before working with an organization's IT Pros to achieve full compliance and adherence. Developers are responsible for building and integrating apps so that IT Pros can use their tools to further secure the applications. Partnering with IT Pros can help you to:

  • Minimize the probability of or prevent security compromise.
  • Quickly respond to compromise and reduce damage.

The following table summarizes the decisions and tasks required for developer and IT Pro roles to build and deploy secure applications in the Microsoft identity platform. Read on for key details and links to articles to help you plan your secure application development.

Developer

IT Pro Administrator

  • Configure who can register apps in tenant.
  • Assign application users, groups, and roles.
  • Grant permissions to applications.
  • Define policies, including conditional access policy.

Zero Trust considerations

When entities (individuals, applications, devices) need to access resources in your application, you work with IT Pros and consider Zero Trust and security policy enforcement options. Together, you decide which access policies to implement and enforce. Microsoft's policy enforcement engine needs to be in touch with threat intelligence, signal processing, and existing policies. Every time an entity needs to access a resource, it goes through the policy enforcement engine.

IT Pros can apply conditional access policies to Security Assertions Markup Language (SAML) apps at authentication. For OAuth 2.0 applications, they can apply policies when an application attempts to access a resource. IT Pros determine which conditional access policies apply to your application (SAML) or the resources that your application accesses (OAuth 2.0).

Next steps