In our latest webinar, Your Application Roadmap, attendee Kyle asked this question.
Yes, absolutely. App Governance Accelerator provides visibility into both SAML-based and OAuth applications in Microsoft Entra ID, but it goes beyond simply identifying those apps.
For example, it includes reporting on SSO SAML certificates, which can represent a significant attack surface if certificates are expired, misconfigured, or poorly managed. It also helps identify applications that use specific authentication methods or libraries, such as MSAL, so administrators can better understand how applications are authenticating and where potential risks or outdated approaches may exist.
The goal is to give IT and security teams a broader view of application authentication and authorization, permissions, and governance risks across the tenant, not just a basic inventory of apps.
Additional reading on the AppGov Score blog: SAML vs OIDC vs OAuth 2.0: Strategic Identity Protocols Explained