Application Management in AZExecute

AZExecute provides comprehensive management for Entra ID Application Registrations and their associated Service Principals. This feature set enables automated credential rotation, certificate lifecycle management, permission governance, and integration with various Azure and third-party services.


What are Applications?

In Entra ID, an Application Registration defines your application and its authentication requirements, while a Service Principal represents the application's identity in a specific tenant. Together, they enable secure, automated access to Azure resources and APIs without requiring interactive user authentication.

AZExecute manages both the Application Registration and its Service Principal, providing a unified interface for all aspects of application identity lifecycle management.

Key Features

Secret Rotation

Automated client secret lifecycle management with configurable rotation schedules. Secrets can be automatically deployed to multiple destinations including:

• Azure Key Vault - Store secrets securely for Azure workloads

• Azure DevOps - Update service connection secrets automatically

• Vercel - Update environment variables for serverless deployments

• Logic App API Connections - Keep connector credentials current

• Custom Automation Tasks - Trigger your own deployment workflows


Certificate Management

Full certificate lifecycle automation for certificate-based authentication. Features include:

• Self-signed certificate generation with configurable lifetimes

• Automatic renewal before expiration

• Seamless deployment to Azure Key Vault

• Support for PFX, PEM, and CER formats

• Configurable renewal thresholds and notifications


Permission Management

Comprehensive permission governance system featuring:

• View and manage application roles (App Roles)

• Expose custom API scopes for your application

• Review granted API permissions (both delegated and application)

• Manage pre-authorized client applications

• Request-approval workflow for permission changes


Multi-Owner Administration

Flexible ownership model allowing multiple administrators per application with:

• Role-based access control (owner vs. viewer)

• Request workflow for gaining administrator access

• Audit trails of all administrative actions

Application States

Applications in AZExecute can exist in different states that control automated processing and available actions:

Active: Full automation enabled - secrets and certificates rotate automatically

Disabled: Automation paused - no automated rotations occur

Deleted: Soft-deleted - can be reactivated if the application still exists in Azure

Orphaned: Service Principal missing but Application Registration exists

MissingInAzure: Application was deleted from Entra ID but remains in the database

Error: Critical data integrity issue requiring investigation

Only applications in Active state participate in automated credential rotation. Other states allow viewing and limited management but prevent automated actions.


Common Use Cases

Automated Secret Rotation for Microservices

Configure your application to rotate secrets every 90 days with automatic deployment to Azure Key Vault. Your microservices retrieve the current secret from Key Vault, ensuring zero-downtime credential updates.


Certificate-Based Authentication for Production Services

Enable certificate authentication with automatic annual renewal. Certificates are deployed to Key Vault 30 days before expiration, allowing ample time for testing before the old certificate expires.
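
The two rotation policies above (90-day secret rotation, certificate renewal 30 days before expiration) can be checked independently of the tool that enforces them. The following is an added example, not AZExecute code: it audits an application object shaped like a Microsoft Graph application resource (`passwordCredentials` and `keyCredentials` with `startDateTime`/`endDateTime`). The function name, finding codes and sample data are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

MAX_SECRET_AGE = timedelta(days=90)     # rotation interval from the use case above
CERT_RENEW_BEFORE = timedelta(days=30)  # renewal threshold from the use case above

# Constructed sample, shaped like a Microsoft Graph application object.
SAMPLE_APP = {
    "displayName": "orders-api (constructed)",
    "passwordCredentials": [
        {"displayName": "current", "startDateTime": "2024-05-01T00:00:00Z",
         "endDateTime": "2024-11-01T00:00:00Z"},
        {"displayName": "stale", "startDateTime": "2024-01-10T00:00:00Z",
         "endDateTime": "2025-01-10T00:00:00Z"},
        {"displayName": "expired", "startDateTime": "2023-09-01T00:00:00Z",
         "endDateTime": "2024-03-01T00:00:00Z"},
    ],
    "keyCredentials": [
        {"displayName": "auth-cert", "startDateTime": "2023-07-01T00:00:00Z",
         "endDateTime": "2024-07-01T00:00:00Z"},
    ],
}

def _ts(value):
    """Parse an ISO 8601 UTC timestamp with a trailing 'Z'."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def audit_credentials(app, now):
    """Return (credential name, finding code) pairs for policy violations."""
    findings = []
    for cred in app.get("passwordCredentials", []):
        start, end = _ts(cred["startDateTime"]), _ts(cred["endDateTime"])
        if end <= now:
            # Expired secrets no longer authenticate but clutter the registration.
            findings.append((cred["displayName"], "SECRET_EXPIRED"))
        elif now - start > MAX_SECRET_AGE:
            # Still valid past the rotation interval: rotation did not replace it.
            findings.append((cred["displayName"], "SECRET_OVERDUE"))
    for cred in app.get("keyCredentials", []):
        end = _ts(cred["endDateTime"])
        if end <= now:
            findings.append((cred["displayName"], "CERT_EXPIRED"))
        elif end - now <= CERT_RENEW_BEFORE:
            # Inside the renewal window: a successor certificate should exist.
            findings.append((cred["displayName"], "CERT_RENEWAL_DUE"))
    return findings

if __name__ == "__main__":
    for name, code in audit_credentials(SAMPLE_APP, datetime(2024, 6, 15, tzinfo=timezone.utc)):
        print(f"{code}: {name}")
```

A `SECRET_OVERDUE` finding on an application that is supposed to be in the Active state indicates that rotation ran without retiring the old secret, or did not run at all.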


Vercel Serverless Applications

Automatically rotate client secrets and update Vercel environment variables across production, preview, and development environments. Optionally trigger automatic redeployment to apply changes immediately.


Permission Governance

Use the permission request system to implement approval workflows for API access. Application owners can review and approve permission requests from other applications, maintaining a least-privilege security posture.


Getting Started

To begin managing applications in AZExecute:

1. Import existing application registrations from Entra ID

2. Configure secret rotation, certificate management, or both

3. Set up integrations with Key Vault, DevOps, Vercel, or other services

4. Add administrators who can manage the application

5. Activate the application to enable automated rotation

Start with Importing Applications

If you encounter any issues or need further assistance, please contact us at info@azexecute.com. Our support team is here to help you.
