Terms of Use

Last updated: July 2025

1. Acceptance of Terms

By accessing or using AppConfig², you agree to comply with these Terms of Use. If you do not agree to these terms, please do not use the Service.

2. Description of Service

AppConfig² is a comprehensive tool designed to simplify the management and testing of Microsoft Entra ID applications. It provides a wide range of functionalities, including:

  • Application Registration Management: Easily create, modify, and delete Microsoft Entra ID app registrations.
  • Authentication Testing: Simulate and analyze authentication flows, including OAuth 2.0, OpenID Connect, and SAML-based sign-ins.
  • Token Decoding and Analysis: Inspect and validate JWT, SAML, and access tokens, identifying claims, signatures, and expiration details.
  • API Permission Configuration: Manage and adjust API permissions granted to applications via Microsoft Graph.
  • Role-Based Access Control (RBAC): Assign and manage application roles within your Microsoft Entra ID environment.
  • Graph API Explorer: Perform deep inspections of application settings, policies, and conditional access configurations through integrated Graph API queries.
  • Redirect URI and Authentication Method Management: Modify and test redirect URIs, authentication methods, and application secrets in real time.
  • Session Management and Silent Authentication: Enable session persistence and silent authentication flows to optimize user experience.
  • Claims Mapping Policy Management: Create, edit, and assign claims mapping policies to customize token claims.
  • Directory Extensions Management: Create and manage custom directory extensions and attributes.
  • Permission Analysis: Analyze application permissions and identify potential security risks.
  • User Provisioning: Provision and deprovision users for testing purposes.
  • Backup and Restore: AppConfig² creates automatic backups for each tested application, enabling you to restore the original app configuration after testing.

AppConfig² is designed for operations teams, IT administrators, security engineers, and developers who need a streamlined way to manage Microsoft Entra ID applications, ensuring compliance, security, and efficient application integration.

3. Service Availability & Access Control

Tenant Allowlist System: AppConfig² uses a secure allowlist system to control access. Only pre-authorized organization tenants can use the application. Your organization's tenant ID must be added to our allowlist before you can access the service.

To request access for your organization:

  • Contact your IT administrator to submit a tenant allowlist request
  • Email us directly at support@appconfig.app with your tenant ID and organization details
  • Access requests are typically processed within 1-2 business days

AppConfig² is currently in the Early Access phase and may have limited availability or scheduled maintenance periods.

4. User Responsibilities & Acceptable Use

Users must:

  • Use AppConfig² only for authorized purposes within their organization and in compliance with their organization's IT policies
  • Ensure that all necessary permissions and consents are granted before using the Service
  • Only test applications and configurations that they are authorized to modify
  • Use the backup and restore functionality responsibly to avoid disrupting production applications
  • Refrain from reverse engineering, unauthorized access, or misuse of the platform
  • Not attempt to access data or applications outside their authorized scope
  • Report any security vulnerabilities or unauthorized access immediately

Prohibited Uses:

  • Using AppConfig² to access or modify applications without proper authorization
  • Attempting to bypass security controls or access restrictions
  • Using the service for malicious purposes or to compromise system security
  • Violating any applicable laws or regulations while using the service

5. Administrator Consent & Required Permissions

AppConfig² requires administrator consent and specific Microsoft Graph API permissions to function effectively. By granting these permissions, administrators acknowledge that the Service will be able to:

  • Application Management: Read, create, update, and delete application registrations within the Microsoft Entra ID tenant
  • User Management: Read user profiles and provision/deprovision users for testing purposes
  • Directory Management: Read directory information and manage directory extensions
  • Policy Management: Read and manage claims mapping policies and conditional access policies
  • Token Analysis: Request and analyze authentication tokens for testing and debugging
  • API Permissions: Modify application API permissions and consent settings

Administrator Responsibilities: Tenant administrators are responsible for ensuring that AppConfig² usage complies with their organization's security policies and that only authorized personnel have access to the service.

6. Data Handling & Caching

AppConfig² employs local browser caching to improve performance:

  • Local Storage: Application metadata, configuration data, and user preferences are temporarily stored in your browser's local storage for up to 5 minutes
  • No Server Storage: No user data or application configurations are permanently stored on AppConfig² servers
  • Session Data: Authentication tokens and session information are maintained only for the duration of your active session
  • Cache Clearing: You can clear cached data at any time through your browser settings or by logging out of the application

7. Data Collection & Privacy

AppConfig² does not store, share, or misuse any user data. The Service operates entirely within the Microsoft Entra ID environment, and no user information is retained outside the session. Please refer to our Privacy Policy for more details.

8. Service Modifications & Updates

We reserve the right to:

  • Modify, update, or discontinue features of AppConfig² with reasonable notice
  • Perform scheduled maintenance that may temporarily affect service availability
  • Update security measures and access controls as needed
  • Add or remove tenant access from the allowlist based on security or compliance requirements

9. Limitation of Liability

The Service is provided "as is" without warranties of any kind. AppConfig² and its developers are not responsible for:

  • Any direct or indirect damages arising from the use or inability to use the Service
  • Data loss or corruption that may occur during application testing
  • Unauthorized access to your Microsoft Entra ID environment by third parties
  • Business interruption or service downtime
  • Compliance violations resulting from improper use of the service

User Responsibility: Users are responsible for maintaining backups of critical application configurations and testing changes in non-production environments when possible.

10. Early Access Program

AppConfig² is currently offered as part of an Early Access Program:

  • Features and functionality may change without notice
  • Service availability is not guaranteed
  • Early access participants may be asked to provide feedback and testing assistance
  • Transition to a paid service may occur with advance notice to early access users

11. Changes to Terms

We may update these terms periodically to reflect changes in our Service. Users will be notified of significant updates through the application or email, and continued use of AppConfig² after such updates constitutes acceptance of the revised terms.

12. Contact & Support

If you have any questions about these Terms of Use, need technical support, or want to request tenant access, please contact us at support@appconfig.app.