Deprecation of the ‘Users Can Add Gallery Apps’ setting

The setting ‘Users Can Add Gallery Apps’ is removed from the Microsoft Graph and seems deprecated…
However, there has been no official communication from Microsoft around this… Not in the message center, not in the What’s New in Entra ID and not in the What’s deprecated in Entra ID Learn documents.

The setting, when enabled, would allow users to add password-vaulted apps from the app gallery. The most talked about use case for this feature was Twitter. When enabled, a user could add Twitter, specify their Twitter username and password, have Entra ID store those credentials and allow the user to have single sign-on access to their Twitter account from their access portal (myaccess.microsoft.com). Every guide recommends disabling this setting, as it leads to shadow IT.

I feel that Microsoft has removed the feature to configure it for all tenants to ‘No’. What do you think?

Hey Sander, where was this setting in the portal? I tried looking for it in Portal too, but it must have been removed there too. I do remember seeing it in a tenant as recently as a few weeks ago I’m sure. I also discovered Twitter in a tenant that had been configured for “Password-based SSO” is this what you are talking about as the use case?

Hey Sander, where was this setting in the portal? I tried looking for it in Portal too, but it must have been removed there too. I do remember seeing it in a tenant as recently as a few weeks ago

Hey, Matt.

This setting was located on the User Settings pane for Enterprise applications.

I also discovered Twitter in a tenant that had been configured for “Password-based SSO” is this what you are talking about as the use case?

No, I don’t believe user-configured apps through this option show up in the list of Enterprise Apps…