Four purpose-built tools covering every angle of Microsoft Entra™ ID app management: troubleshoot authentication flows, analyze tenant security, perform administrative operations, and configure apps — all browser-based, MSAL PKCE-authenticated, and built to OWASP client-side security standards.
Every tool in the AppConfig² Suite is built on the same architecture and security principles, all targeting Microsoft Entra™ ID app registrations through the Microsoft Graph API.
All tools operate on Entra ID app registrations and service principals in your tenant, queried through the Microsoft Graph API. Your data never leaves your Microsoft tenant.
All tools authenticate via MSAL (OAuth) Authorization Code Flow with PKCE — no implicit flow, no client secrets stored in the browser. Sessions are isolated per tab using sessionStorage.
sessionStorage
All tools are hosted on Azure Static Web Apps. AppConfig and AppTesting additionally include an Azure Functions backend component to support client credentials flow testing and confidential client scenarios. No data is processed or stored outside your Microsoft tenant.
A simple troubleshooting task like checking if an app role or optional claim appears in a token requires:
Install Fiddler or network tracer on user's machine, configure HTTPS decryption, deal with certificate warnings
Start trace, authenticate through the app, stop trace, filter hundreds of requests to find the right authentication frames
Copy JWT tokens from response, paste into jwt.ms or another decoder, manually search through claims
Switch to Azure portal, find the app registration, navigate through multiple menus to locate configuration settings
Add app role or optional claim in portal, wait for changes to propagate, repeat entire testing process from step 1
The same task, reimagined:
Choose your app from the dashboard, click "Test Authentication" - tokens are captured and decoded automatically
View all claims in a clean interface, instantly see what's missing or incorrect
Click "Add App Role" or "Configure Optional Claims" right from the same interface
Test again to see the updated token with new claims
Based on real-world troubleshooting time savings
No need for Fiddler, Postman, token decoders, or multiple browser tabs
Automatic backups before changes, one-click restore if needed
Test, analyze, configure, and verify - all in one interface
Full-featured configuration management tool. Test, modify, and restore Entra ID application settings with comprehensive backup capabilities.
Read-only analysis and troubleshooting tool. Perfect for environments where configuration changes must be made through the Entra portal.
Read-only tenant analytics tool. Gain a single pane of glass into every app registration — security scores, credential health, permission risks, and attack surface mapping across your entire tenant.
Admin operations toolkit. Nine focused Entra ID management tools for consent audit, credential rotation, workload identity federation, manifest editing, policy management, and JWT token inspection.
Each tool is purpose-built for the roles that need it most.
Troubleshoot complex application issues with comprehensive analysis and token inspection tools.
Test OAuth2/OIDC flows, validate claims mappings, and verify Entra ID integrations end-to-end.
Manage app registrations, track credentials, configure permissions, and access portal deep-links.
Executive-level health scorecards, at-risk app counts, and exportable governance reports.
Analyze security posture, attack surface exposure, and permission risks across the tenant.
Full app inventory, ownership gaps, audience exposure analysis, and multi-tenant visibility.
Perform consent cleanup, role assignments, and credential rotation without navigating multiple Azure Portal blades.
Configure workload identity federation for GitHub Actions, Azure DevOps, and Kubernetes — no long-lived secrets required.
Configure claims mapping policies and optional claims for custom token shapes without hand-editing raw JSON manifests.
Audit and revoke OAuth consent grants; monitor credential expiry across all app registrations in the tenant.
Test OAuth2/OIDC flows with automatic token capture and real-time claims analysis.
Create and test claims mapping policies with instant token verification.
Modify app settings with automatic backups and one-click restore (AppConfig only).
Embedded Microsoft Graph Explorer for advanced queries and troubleshooting.
View configured API permissions, delegated scopes, and conditional access policies for single-app troubleshooting.
Complete app role and permission lifecycle management in one interface.
Get the complete AppConfig² Suite with a 1-month free trial. Native Azure integration, enterprise-grade security, and professional support included.
Deploy in minutes • Professional support included
AppConfig² is created by an experienced team of identity practitioners with deep expertise across legacy and modern authentication—from Kerberos to OpenID Connect. We turn real-world enterprise experience into practical tools that make IAM testing, troubleshooting, and configuration fast, safe, and clear.
By IAM experts for IAM teams
Safe testing with automatic backups
Regular updates based on feedback
Scalable for complex organizations
Reduce troubleshooting from hours to minutes and redirect that time to high-value activities
Optimize operational procedures, and implement preventive measures to avoid major incidents
Focus on strategic initiatives, architecture improvements, and security enhancements
Help other team members, conduct knowledge sharing sessions, improve documentation
Questions, issues, or feedback? Our team is here to help.