Configure a Microsoft identity provider
The Microsoft identity provider is an OpenID Connect provider with simplified settings, which offers the same features, such as single sign-on and mappers.
Configuration
To configure Microsoft authentication, follow the steps to configure an identity provider, using the properties listed in the tables below for reference.
General
Property | Definition |
---|---|
Redirect URI | URI indicating where the identity provider should redirect after authentication. |
Client ID | Identifier for the client registered with the identity provider. |
Client secret | Secret key registered with the identity provider. |
Display order | Number defining the providers' order of appearance on the login page. Lowest number is listed first. |
Tenant ID | If specified, uses single-tenant authentication endpoints. Otherwise, uses "common" multi-tenant endpoints. |
Advanced
Property | Definition |
---|---|
Scopes | Scopes requested for authorization. Supports a space-separated list of scopes. Defaults to |
Sync mode | Strategy for updating user information from the identity provider through mappers. Possible values are: |
Verify essential claim | If enabled, ID tokens issued by the identity provider must have a specific claim for the user to authenticate through this broker. |
Essential claim | Only available if Verify essential claim is enabled. |
Essential claim value | Only available if Verify essential claim is enabled. |
Store tokens | If enabled, the platform stores tokens from the identity provider. |
Accepts prompt=none forward from client | If enabled, when a client sends a |
Disable user info | If enabled, the user info service for obtaining additional user information is disabled. By default, the platform uses the OpenID Connect service. |
Trust email | If enabled, emails provided by this provider are not verified by the platform. |
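The Tenant ID and Verify essential claim settings interact: with the "common" endpoints, accounts from any Microsoft tenant can sign in unless a claim check narrows them. The sketch below is an added example, not the platform's own code; it shows the endpoint choice and a check on the `tid` (tenant ID) claim of an ID token whose signature has already been validated. The function names and sample claims are hypothetical, and it assumes the essential claim value is a pattern that must match the whole claim value.

```python
import re

AUTHORITY = "https://login.microsoftonline.com"  # Microsoft identity platform host

def endpoints(tenant_id=None):
    """Return the v2.0 endpoints for one tenant, or the shared 'common' ones."""
    tenant = tenant_id or "common"
    base = f"{AUTHORITY}/{tenant}/oauth2/v2.0"
    return {"authorization": f"{base}/authorize", "token": f"{base}/token"}

def essential_claim_ok(claims, name, pattern):
    """True only if claim `name` exists and one of its values fully matches."""
    if name not in claims:
        return False
    raw = claims[name]
    values = raw if isinstance(raw, list) else [raw]
    # fullmatch (assumed semantics): a value that only contains the expected
    # text, such as a padded tenant ID, does not pass.
    return any(isinstance(v, str) and re.fullmatch(pattern, v) for v in values)

# Constructed sample data: made-up tenant GUIDs and already-verified claims.
HOME_TENANT = "11111111-1111-1111-1111-111111111111"
PATTERN = re.escape(HOME_TENANT)
HOME_USER = {"sub": "a1", "tid": HOME_TENANT}
OTHER_TENANT_USER = {"sub": "b2", "tid": "22222222-2222-2222-2222-222222222222"}
PADDED_TID_USER = {"sub": "c3", "tid": HOME_TENANT + "-x"}
NO_TID_USER = {"sub": "d4"}

if __name__ == "__main__":
    print(endpoints()["authorization"])             # multi-tenant
    print(endpoints(HOME_TENANT)["authorization"])  # single-tenant
    for user in (HOME_USER, OTHER_TENANT_USER, PADDED_TID_USER, NO_TID_USER):
        print(user["sub"], essential_claim_ok(user, "tid", PATTERN))
```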
Mappers
Mappers are generic for all identity provider types.
For more information, see Configure mappers.