Application (app) registrations are entries in Entra ID that are used to provide cloud-based authentication for applications – for example, when using Open ID Connect. This is an advanced subject that requires some in-depth technical knowledge. We recommend you familiarise yourself with app registrations using Microsoft’s developer documentation.
App registrations in Toolkit are split into 2 categories: institutional and personal. If no institution is selected, a list of personal registrations is shown. If a single institution is selected, you can add and edit app registrations for that institution. If you are not an owner of the app registration, you can only view the details.
You can add, edit, delete and export registrations via the buttons at the top right of the Application Registrations page.
Add an application registration
To add an app registration, select ‘Add’ at the top of the Application Registrations page to open a drawer where you can specify the initial details for a new registration.
View the selected application registration
To view an app registration, double-select the app registration entry in the available list.
Edit the selected application registration
To edit an app registration, select ‘Edit’ at the top of the Application Registrations page or double-select an entry. A drawer will open with details of the registration.
Display name
The display name is the name of the application registration. It will be displayed as part of the authentication process.
Move an application (if you are an institutional admin)
App registrations you have created will appear in your list of personal app registrations.
The button next to the display name allows you to move an application between a personal application and an institutional application. When moving an application to an institution, select the destination institution first using the dropdown.
Description
This is not visible to users.
Disable user sign-in for this application registration
Ticking this option will block users from authenticating using this app registration, effectively turning it off.
Issue ID tokens (used for implicit and hybrid flows)
This is an advanced option and is enabled by default. You should not change it unless you are following third-party instructions for configuring an application registration.
Issue access tokens (used for implicit flows)
This is an advanced option and is disabled by default. You should not change it unless you are following third-party instructions for configuring an application registration.
Secrets
A client secret is a password your application uses to ensure that only it can access the app registration. Multiple secrets can be present simultaneously, and all are equally valid. Select ‘Add’ to enter a display name and a lifetime of the secret (up to a maximum of 24 months). After a short delay, the secret value will be displayed. This is the only time these values will be displayed, so you must make a note of them before closing the window.
Reply URLs
A reply URL is required to allow the app registration to redirect a user's browser back to your application after authentication. More than one URL is allowed. Each URL can refer to a web app (WEB) or a single-page application (SPA). Select ‘Add’ to specify the type and value of the new entry.
URLs must be HTTPS unless they refer to localhost.
Owners
A registration can have multiple owners. Owners can view and edit the registration via Toolkit. By default, the current Toolkit user will be assigned as an owner, but additional users can be added. There must always be at least one owner.
Delete selected application
After confirmation, this will permanently remove the specified application from Azure.
Graph API permissions tab
This displays the currently assigned API permissions. Toolkit applies a minimal set of permissions by default. You can select and apply additional permissions from the dropdown menu if required.
Configuration tab
Displays information for configuring your application to use this registration. The group assignments section details the group IDs that will be returned as a GUID in the claims.
The default groups returned are listed on the Understanding users and groups page.
You can assign additional institutional groups as required, and remove one or more of the default groups, as long as at least one group is present.
App manifest tab
Displays a definition of all the attributes of the current application object in Entra ID.
Get help
If you need further support with Toolkit, raise a ticket in the IT self-service portal. Mark it for the attention of the collaboration tools team.