User Tools

Site Tools


general:registering_an_organziation_with_the_app_store

Registering an Organization with the Industrial App Store

If an organization uses Microsoft Azure Active Directory (AAD), we recommend that they register with the Industrial App Store.

Registering allows the Industrial App Store to delegate the responsibility of user authentication to your organization's Azure Active Directory.

Registering has the following advantages:

  • Single Sign-On is enabled for users, meaning they can log in to the Industrial App Store with their work credentials.
  • Organizations can enforce the use of security features such as multi-factor authentication (MFA) when signing users in.
  • Organizations can control who can sign in to IAS via AAD groups.
  • Organizations can review Industrial App Store sign-in activity via Azure Portal.

Organizations can remove the Industrial App Store from their approved application list at any time. Registering does not allow Intelligent Plant to browse an organization's Azure Active Directory, view or modify group memberships, or obtain secure credentials such as passwords.

For more information about how Azure AD supports user sign-in, refer to Microsoft's notes on Understanding Azure AD application consent experiences.

Who can Register an Organization?

To register with the Industrial App Store, your organization must use Microsoft Azure Active Directory. If your organization uses Microsoft 365 Enterprise, (formerly Office 365) you are already using Azure Active Directory!

To be able to register your organization, you must be assigned to one of the following Azure Active Directory Roles:

  • Global Administrator
  • Application Administrator
  • Cloud Application Administrator

If you are unsure if you have the required permissions, contact your IT administrator.

How does Organization Registration Work?

On successful registration, Intelligent Plant Industrial App Store is added to your organization's AAD Enterprise Applications list.

IT administrators can view registered applications and configure or review user access via Azure Portal.

What Permissions are Requested?

The Industrial App Store requests the "Sign in and read user profile" permission for the Microsoft Graph. This permission (also known as User.Read) allows the Industrial App Store to retrieve basic information about your organization's users when they sign in to personalise their experience. For more info on how this data is used, refer to our Privacy Policy.

Consent for this scope is requested on behalf of your organization, which is why you must be in one of the required administrative roles described above in order to grant this consent.

The Industrial App Store previously used Microsoft's Azure AD Graph to retrieve user information. When registering your organization, you may see “Sign in and read user profile” listed twice in the requested permissions (once for the Microsoft Graph and once for the Azure AD Graph):

Microsoft has announced that the Azure AD Graph is being retired in favour of the Microsoft Graph. Requesting the permission from both APIs allows the Industrial App Store to maintain backwards compatibility until support for the Azure AD Graph is removed.

general/registering_an_organziation_with_the_app_store.txt · Last modified: 2022/06/09 09:37 by su