App details
When you click on a row in the app list, a detail view (also known as the “details mask”) opens on the right-hand side of the screen. This panel provides a comprehensive summary of the selected application, segmented into several functional tabs.
The detail view allows you to:
- Review critical app data, including identifiers and ownership.
- Navigate through credentials, secrets, and permissions.
- Perform key management tasks, such as renewing expiring credentials or updating sponsor roles.
The layout is designed to be intuitive:
- A left-hand navigation menu lets you jump between the main categories: Overview, Credentials, Owners, and Settings.
- The content on the right dynamically updates based on the selected section.
- Actions like editing, uploading, or assigning appear inline—typically accessible via buttons or icons within each section based on your permissions.
This interface supports both App Registrations and Enterprise Applications, with some sections adapting based on the app type (e.g., SAML certificates will appear only for SAML-enabled enterprise apps).
Overview
The Overview section provides key identifying and operational details for the selected application. It acts as a summary snapshot and a starting point for deeper navigation.
Field | Description |
---|---|
Application (client) ID | The globally unique identifier used to access the app in APIs and services. |
Object ID | The internal identifier for the app within Microsoft Entra ID (formerly Azure AD). |
App Type | Indicates whether the app is an App Registration or an Enterprise Application. |
Credential Warnings | Visual alerts for credentials that are expired or nearing expiration. |
Credential Warning Indicators
- 🟡 Yellow – One or more credentials will expire soon.
- 🔴 Red – One or more credentials have already expired.
Clicking on the card will redirect you to the relevant credential section (either Certificates or Secrets) for follow-up action.
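As an added example (not EasyLife 365 Identity code), the sketch below derives the same red/yellow classification from the `passwordCredentials` and `keyCredentials` arrays of a Microsoft Graph application object, which is useful for cross-checking the indicators. The 30-day "expiring soon" window, the sample app, and the function names are assumptions; this page does not state the product's threshold.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample shaped like a Microsoft Graph application object.
# All IDs and dates are made up for this example.
SAMPLE_APP = {
    "appId": "00000000-0000-0000-0000-000000000001",
    "passwordCredentials": [
        {"keyId": "secret-a", "endDateTime": "2024-01-15T00:00:00Z"},
        {"keyId": "secret-b", "endDateTime": "2024-06-20T00:00:00.1234567Z"},
        {"keyId": "secret-c"},  # no expiry recorded
    ],
    "keyCredentials": [
        {"keyId": "cert-a", "endDateTime": "2025-06-01T00:00:00Z"},
    ],
}
SAMPLE_NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)  # constructed "today"

def parse_ts(value):
    # Graph timestamps are UTC ("Z"); drop fractional seconds, which older
    # Python versions cannot parse when they have 7 digits.
    base = value.split(".")[0].rstrip("Z")
    return datetime.fromisoformat(base).replace(tzinfo=timezone.utc)

def classify(app, now, soon_days=30):  # soon_days is an assumed threshold
    """Group an app's secrets and certificates by expiry state."""
    groups = {"expired": [], "expiring_soon": [], "current": [], "unknown": []}
    fields = (("secret", "passwordCredentials"), ("certificate", "keyCredentials"))
    for kind, field in fields:
        for cred in app.get(field) or []:
            end = cred.get("endDateTime")
            if not end:
                state = "unknown"  # surface it instead of assuming validity
            elif parse_ts(end) <= now:
                state = "expired"
            elif parse_ts(end) - now <= timedelta(days=soon_days):
                state = "expiring_soon"
            else:
                state = "current"
            groups[state].append((kind, cred.get("keyId")))
    return groups

def indicators(groups):
    # Map to the colours above: red = already expired, yellow = expiring soon.
    colours = []
    if groups["expired"]:
        colours.append("red")
    if groups["expiring_soon"]:
        colours.append("yellow")
    return colours
```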
Certificates and Secrets
The Certificates and Secrets section is where you manage the security credentials associated with your application. These credentials allow apps to authenticate securely and are essential for maintaining reliable integrations and access.
Depending on the application type, different credential types will be shown:
App Type | Visible Credential Tabs |
---|---|
App Registration | Certificates and Secrets |
Enterprise Application | SAML Certificates (if SAML is enabled) |
Certificates
Certificates are used to establish trust between your application and services it interacts with. These are public key credentials uploaded manually.
Tab Layout
The Certificates tab includes the list of all certificates, including:
- Expired or Expiring Soon – Credentials that require immediate attention.
- Current – Valid certificates that are not close to expiration.
Each certificate is shown in a table with the following columns:
Column | Description |
---|---|
Description | Optional label added during upload. |
Thumbprint | A hashed value used to identify the certificate. |
Certificate ID | Unique identifier for the certificate. |
Task Status | Tracks the state of any task linked to expiring/expired certificates. |
Assigned To | User responsible for handling the related renewal/removal. |
Expiration | Shows the expiry date and current validity status. |
Certificate Management Actions
- Add a Certificate – Upload .cer, .pem, or .crt files using the “Add certificate” button. You may include a description to help identify the credential.
- Remove a Certificate – Use the trash bin icon next to the certificate’s row. A confirmation popup will appear before deletion.
Secrets
Secrets are password-like credentials that apps use to authenticate. They are only applicable for App Registrations.
Tab Layout
The Secrets tab includes the list of all secrets, including:
- Expired or Expiring Soon – Credentials that require immediate attention.
- Current – Valid secrets that are not close to expiration.
Each secret entry includes:
Column | Description |
---|---|
Description | Optional user-supplied name for the secret. |
Secret Id | System-generated unique identifier for the secret. |
Task Status | Status of any task created to manage the secret. |
Assigned To | User responsible for rotating or removing the secret. |
Expiration | Shows current expiration and status. |
Secret Management Actions
- Add a Secret
  - Click “Generate new”.
  - Choose an expiration period (e.g., 180 days).
  - Optionally enter a description.
  - Click “Let’s do it” to generate.
- Remove a Secret
  - Click the trash bin icon next to the secret.
  - Confirm the deletion in the popup.
SAML Certificates
If the application is an Enterprise Application configured for SAML authentication, you will see a SAML Certificates tab instead of standard certificates or secrets.
This tab lists identity provider (IdP) certificates used in SAML-based Single Sign-On (SSO) setups. These certificates are not editable from this interface and are typically managed via federation settings or through external identity providers.
Field | Description |
---|---|
Certificate Name | Friendly name or alias used for the certificate. |
Thumbprint | Identifies the SAML certificate uniquely. |
Expiration | Indicates if the certificate is valid, expiring, or expired. |
Credential Tasks and Automation
When a certificate or secret is about to expire or has expired, the system automatically generates a task to track required action.
Task Fields:
Field | Description |
---|---|
Task Status | New, Open, or custom-defined statuses based on activity. |
Assigned To | User handling the credential. |
Comments | Space for notes and collaboration. |
Users with permission can:
- Assign tasks to themselves or others.
- Update the task status.
- Add comments or progress updates.
You can open a task using the action button on the row. A detail window will appear to manage task data.
Owners
The Owners section allows you to view and manage the individuals and entities who have control or delegated access to the application. There are two distinct types of access roles:
- Owners – Full administrative control.
- Sponsors – Delegated, permission-scoped control.
Both are critical for maintaining governance, ensuring credential rotation, and distributing operational responsibilities.
Administrators with the appropriate Entra ID permissions can also manage the application. These permissions are verified with Entra ID each time a details pane is accessed.
Sponsors
Sponsors are users who have been delegated specific responsibilities by an app owner. This model enables secure, fine-grained access without granting full control. You can use sponsors purely for documentation purposes or to let them manage individual apps.
Sponsor Characteristics:
- Always user accounts (no service principals).
- Role-specific permissions configurable by owners and admins for each individual app.
- Useful for distributing credential management or compliance tasks.
Sponsor Permissions
Sponsors only see and interact with what they are explicitly allowed to manage. Permissions are set individually per sponsor by the application owners.
You can assign or revoke the following permissions:
Permission | Description |
---|---|
Change app sponsors | Can manage (add/remove) other sponsors. |
Change app owners | Can modify the app’s owner list. |
Change certificates and secrets | Can manage credentials (rotate, delete, assign tasks). |
Change app settings | Can update settings, such as notification preferences. |
Permissions are managed from the Settings tab under the Sponsor Permissions panel.
If you assign a sponsor to an app and want to grant them the ability to change app owners or manage certificates and secrets, the EasyLife 365 Identity must be added to the app's owners list. This allows it to perform these actions on behalf of the sponsor. When enabling this feature, the interface will prompt an admin or owner to perform the necessary operation.
How to Manage Sponsors
- Open the application detail view.
- Go to the Owners tab.
- Click the “+ Add sponsor” button.
- Search for the user you want to delegate.
- After assigning, navigate to the Settings tab.
- In the Sponsor Permissions section, configure the allowed actions.
- To remove a sponsor, use the trash bin icon in the Sponsors list.
Owners
Owners have full control over the application and are responsible for managing its lifecycle, including:
- Adding/removing other owners or sponsors
- Managing credentials (certificates and secrets)
- Changing app configuration
- Enabling or disabling notification settings
Owner Types:
- Users – Individual user accounts.
- Applications (Service Principals) – Automated agents or systems granted ownership privileges.
All owners are listed in a unified view. The UI also indicates the type (user or application) for each entry.
How to Manage Owners
- Navigate to the app via App Registrations > All or Enterprise Applications > All.
- Select the desired application to open its detail view.
- Open the Owners tab.
- Click the “+ Add owner” button.
- Use the search popup to locate and select the user or application you want to add.
- To remove an owner, click the trash bin icon next to their name.
Only users with ownership rights, admins, or delegated sponsor permissions (if allowed) can make these changes.
Owners vs Sponsors: Role Comparison
Capability | Owner | Sponsor (if permitted) |
---|---|---|
Modify credentials | ✅ | ✅ (if allowed) |
Add/remove owners | ✅ | ✅ (if allowed) |
Add/remove sponsors | ✅ | ✅ (if allowed) |
Configure app settings | ✅ | ✅ (if allowed) |
Settings
The Settings section provides configuration options specific to the selected application. These settings primarily focus on operational preferences, access delegation controls, and notification behaviors.
Only users with one of the following roles can modify settings:
- Entra ID Administrators
- Application Owners
- Sponsors with the Change app settings permission
Sponsor Permissions
This section lets application owners define the specific scope of access for each sponsor assigned to the application.
Each sponsor entry has a dedicated row showing their name and a set of toggle switches or checkboxes to grant or revoke individual permissions:
Permission | Effect |
---|---|
Change app sponsors | Allows managing (add/remove) other sponsors. |
Change app owners | Allows modifying the owner list. |
Change certificates and secrets | Grants access to credential tasks such as rotation or deletion. |
Change app settings | Enables access to this Settings panel. |
Changes take effect immediately and are reflected in the sponsor’s available UI options.
Credential Settings
Credential expiration notifications help ensure that app stakeholders are aware of upcoming issues and can act before disruptions occur.
By default, EasyLife 365 Identity sends notifications to app owners and eligible sponsors when credentials are nearing expiration or have expired. However, notifications are suppressed if the app’s credentials are known to be automatically managed, either by another service principal, a user, or a well-known automated system.
EasyLife 365 Identity determines whether an app is considered managed in two ways:
- Explicit designation: You can manually indicate that credentials for this app are automatically managed by selecting the corresponding checkbox.
- Implicit detection: If no manual designation is made, EasyLife 365 Identity uses a built-in list of well-known managed app owners. If one of these entities appears among the app’s owners, the app will be considered managed and notifications will not be sent.
Administrators can override the default managed owner list by specifying a custom list of trusted credential managers. See the relevant section in the Admin documentation for more details.
Receive notifications for expiring credentials
This setting is enabled by default. When unchecked, EasyLife 365 Identity will stop sending email alerts and suppress in-app reminders about expiring credentials for this app.
If the app is automatically identified as managed (either explicitly or via the managed owner list), this setting is automatically unchecked. In that case, the justification will display as: "Managed application".