Before AppConfig² Suite:
Typical triage effort3+ hours per issue
- Install Fiddler, capture traffic, decode tokens manually — 3+ hours per issue
- No built-in token inspection or auth flow troubleshooting — diagnosing issues means reaching for external tools or writing custom scripts
- No tenant-wide visibility: credential expiry, risky permissions, and stale apps discovered reactively — after incidents
More friction points
- Claims mapping policies and consent management require complex PowerShell scripts or navigating multiple portal blades
After AppConfig² Suite:
Typical triage effortMinutes, not hours
- AppConfig: Safe app configuration changes while troubleshooting, with auto-backup and one-click restore — minutes, not hours
- AppTesting: Read-only token decode, auth flow testing, and troubleshooting
- AppDashboard: Tenant-wide security scorecard — expiring credentials, risky permissions, and attack surface at a glance
More capabilities
- AppTooling: Consent grants, claims mapping policies, and manifest edits — all admin operations in one place
Choose Your Tool
AppTesting
Best For: Read-Only Diagnostics
Read-only troubleshooting and token diagnostics for controlled production environments.
- Authentication flow testing
- Token decoding & analysis
- Permission analysis
- Conditional access insights
Full details are available on the AppTesting page.
Explore AppTestingAppConfig
Best For: Controlled Configuration Changes
Full lifecycle configuration management with guarded writes and rollback safety.
- Includes all AppTesting features, plus:
- Modify app configurations
- Automatic backup & restore
- Claims mapping policies
- App role management
See full capability coverage on the AppConfig page.
Explore AppConfigAppDashboard
Best For: Tenant-Wide Security Visibility
Tenant-wide security analytics for risk triage, governance reporting, and executive visibility.
- Tenant-wide app inventory & health scorecard
- Security posture
- Attack surface & risk-tier mapping
- Credential & secret expiry tracking
- Permission risk inventory
Advanced dashboards and exports are detailed on the AppDashboard page.
Open AppDashboardAppTooling
Best For: Entra Admin Operations
Admin operations toolkit for consent, identities, manifests, and credential lifecycle tasks.
- Consent Manager — audit & revoke OAuth grants
- AppRole Assignment Manager
- Credential & Secret Manager per app
- Federated Identity Credentials (Workload Identity)
- Claims Mapping Policy CRUD
The full ten-tool catalog is available on the AppTooling page.
Explore AppToolingWho is AppConfig² Suite for?
Each tool is purpose-built for the roles that need it most.
L3 Support
Troubleshoot complex application issues with comprehensive analysis and token inspection tools.
Developers
Test OAuth2/OIDC flows, validate claims mappings, and verify Entra ID integrations end-to-end.
IT Admins
Manage app registrations, track credentials, configure permissions, and access portal deep-links.
IT Managers
Executive-level health scorecards, at-risk app counts, and exportable governance reports.
Security Engineers
Analyze security posture, attack surface exposure, and permission risks across the tenant.
Tenant Managers
Full app inventory, ownership gaps, audience exposure analysis, and multi-tenant visibility.
Entra ID Admins
Perform consent cleanup, role assignments, and credential rotation without navigating multiple Azure Portal blades.
DevSecOps Engineers
Configure workload identity federation for GitHub Actions, Azure DevOps, and Kubernetes — no long-lived secrets required.
Identity Architects
Configure claims mapping policies and optional claims for custom token shapes without hand-editing raw JSON manifests.
Security & Compliance
Audit and revoke OAuth consent grants; monitor credential expiry across all app registrations in the tenant.
Key Capabilities
End-to-End Testing
Test OAuth2/OIDC flows with automatic token capture and real-time claims analysis.
Claims Management
Create and test claims mapping policies with instant token verification.
Safe Configuration
Modify app settings with automatic backups and one-click restore (AppConfig only).
Graph Integration
Embedded Microsoft Graph Explorer for advanced queries and troubleshooting.
Permission Review
View configured API permissions, delegated scopes, and conditional access policies for single-app troubleshooting.
Role Management
Complete app role and permission lifecycle management in one interface.
One Suite. One Foundation. Four Tools.
Every tool in the AppConfig² Suite is built on the same architecture and security principles, all targeting Microsoft Entra™ ID app registrations through the Microsoft Graph API.
Microsoft Entra™ ID Apps
All tools operate on Entra ID app registrations and service principals in your tenant, queried through the Microsoft Graph API. Your data never leaves your Microsoft tenant.
MSAL PKCE Authentication
All tools authenticate via MSAL (OAuth) Authorization Code Flow with PKCE — no implicit flow, no client secrets stored in the browser. Sessions are isolated per tab using sessionStorage.
Azure Static Web Apps
All tools are hosted on Azure Static Web Apps. AppConfig and AppTesting additionally include an Azure Functions backend component to support client credentials flow testing and confidential client scenarios. No data is processed or stored outside your Microsoft tenant.
AppConfig² Suite – Tool Comparison
See which capabilities are available across each tool.
AppConfig
Full management, safe writes, and rollback-ready lifecycle operations.
AppTesting
Read-only flow testing and token analysis in controlled environments.
AppDashboard
Tenant analytics, risk posture, and executive security score visibility.
AppTooling
Focused admin operations for consent, manifests, identity, and credentials.
| Capability | AppConfig | AppTesting | AppDashboard | AppTooling |
|---|---|---|---|---|
| Analysis & Testing | ||||
| Authentication Flow Testing | — | — | ||
| Token Analysis & Decoding | — | |||
| Permission & Scope Review | — | — | ||
| Graph Explorer & OData Queries | — | |||
| Service Principal Overview | — | — | ||
| Certificate Monitoring | — | — | — | |
| Configuration Management | ||||
| App Configuration & Redirect URI Management | — | — | — | |
| App Roles & User Provisioning | — | — | ||
| Claims Mapping & Client Secret Management | — | — | ||
| Backup & Restore | — | — | ||
| Lifecycle Management | — | — | — | |
| Tenant Analytics & Security Visibility | ||||
| Tenant-Wide App Inventory | — | |||
| Health Scorecard & Security Alerts | — | — | — | |
| Security Posture, Risk Tiers & Attack Surface Mapping | — | — | — | |
| Credential Expiry Tracking & Permission Risk Inventory | — | — | — | |
| Entra ID Admin Operations | ||||
| Consent Manager & AppRole Assignment | — | — | ||
| Credential & Secret Manager (per App Registration) | — | — | ||
| Federated Identity Credentials (Workload Identity Federation) | — | — | — | |
| Claims Mapping Policy, Manifest & Optional Claims Editor | — | — | ||
Start Your Free Trial Today
Launch AppConfig² Suite with a 1-month free trial and enterprise-ready Azure-native deployment.
Deploy in minutes • Professional support included
Built by Identity Practitioners, for Identity Teams
AppConfig² is built by identity practitioners with enterprise authentication experience from Kerberos to OpenID Connect. We convert field-proven IAM practices into tools that keep testing, troubleshooting, and configuration precise, safe, and repeatable.
Practitioner-Built
By IAM experts for IAM teams
Security-First
Safe testing with automatic backups
Continuously Improved
Regular updates based on feedback
Enterprise Ready
Scalable for complex organizations
Invest Your Saved Time Where It Matters
Reduce troubleshooting from hours to minutes and redirect that time to high-value activities
Improve Processes
Optimize operational procedures, and implement preventive measures to avoid major incidents
Innovate & Build
Focus on strategic initiatives, architecture improvements, and security enhancements
Collaborate & Support
Help other team members, conduct knowledge sharing sessions, improve documentation
Need Help? Contact Support
Questions, production issues, or roadmap feedback? Our team is here to help.