
Configure Microsoft login as a federated authenticator

Microsoft login can be used as a federated authenticator in the Identity Server.

Follow the steps given below to configure WSO2 Identity Server to authenticate users with their Microsoft accounts.

Register WSO2 Identity Server on Microsoft

You need to register WSO2 Identity Server as an OAuth 2.0 application on Microsoft Entra ID.

Note

For detailed instructions, you can follow the Microsoft documentation.

  1. Sign in to the Microsoft Entra admin center using an account with administrator permission.

    Note

    You must use an account in the same Microsoft 365 subscription (tenant) with which you intend to register the app.

  2. Go to Identity > Applications > App registrations and select New registration.

  3. Click Add and select App registration from the list.

  4. Provide the required information for app registration.

Register an application on the Microsoft Entra admin center

<table>
    <tr>
        <th>Parameter</th>
        <th>Description</th>
    </tr>
    <tr>
        <td>Name</td>
        <td>Enter a meaningful name for your application.</td>
    </tr>
    <tr>
        <td>Supported Account Type</td>
        <td>Select the supported account type. <br><b>Value: </b><code>Accounts in any organizational directory (Any Microsoft Entra ID tenant - Multitenant) and personal Microsoft accounts (e.g., Skype, Xbox)</code></td>
    </tr>
    <tr>
        <td>Redirect URI</td>
        <td>Select <b>Web</b> as the platform and provide the URL to redirect after the login is completed.<br><b>Value:</b> <code>{{ product_url_format }}/commonauth</code></td>
    </tr>
</table>
  5. Click Register to create the application.

    Note

    Take note of the client ID after the application is created.

Now, let's generate a client secret for the application.

  1. Go to Certificates & secrets on the left navigation and click + New client secret.
  2. Enter a description for the client secret and select the expiry time.
  3. Click Add to add the client secret.

    Important

    Take note of the generated Value. Microsoft Entra will allow copying this value only once. This value is the newly generated client secret for your Microsoft connection in WSO2 Identity Server.

Register an identity provider

  1. Log in to the Management Console (https://<IS_HOST>:<PORT>/carbon) using admin/admin credentials.

  2. Navigate to Main > Identity > Identity Providers > Add.

  3. Enter an Identity Provider Name, Display Name, and Description.

  4. Expand the Microsoft (Hotmail, MSN, Live) Configuration section and specify the following values:

<table>
    <tr>
        <th>Parameter</th>
        <th>Description</th>
    </tr>
    <tr>
        <td>Enable</td>
        <td>Selecting this option enables Microsoft to be used as an authenticator for users provisioned to the Identity Server.</td>
    </tr>
    <tr>
        <td>Default</td>
        <td>Selecting the Default checkbox signifies that Microsoft is the main/default form of authentication. This removes the selection made for any other Default checkboxes for other authenticators.</td>
    </tr>
    <tr>
        <td>Client Secret</td>
        <td>This is the client secret Value generated for the Microsoft application. Click Show to view the value you enter.</td>
    </tr>
    <tr>
        <td>Callback URL</td>
        <td>This is the URL to which the browser should be redirected after the authentication is successful. It should have this format: <code>https://(host-name):(port)/commonauth</code><br><b>Example:</b> <code>https://localhost:9443/commonauth</code></td>
    </tr>
    <tr>
        <td>Client Id</td>
        <td>This is the client ID noted when you registered the Microsoft application.</td>
    </tr>
</table>
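The values collected above (the client ID, the client secret and the expiry chosen for it, the Redirect URI registered on the Microsoft side and the Callback URL entered in WSO2 Identity Server) have to agree with each other before the login round-trip works. The following Python check is an added example, not part of the WSO2 or Microsoft documentation; its field names, function name and sample values are assumptions for illustration.

```python
# Added example (not WSO2 or Microsoft code): a pre-flight check of the values
# collected in the steps above. Field names are assumptions for this example.
from dataclasses import dataclass
from datetime import date, timedelta
from urllib.parse import urlsplit

@dataclass
class MicrosoftIdpConfig:
    client_id: str                  # client ID noted after app registration
    client_secret: str              # secret Value copied once from Entra
    secret_expires_on: date         # expiry chosen when the secret was created
    callback_url: str               # "Callback URL" entered on the WSO2 side
    registered_redirect_uri: str    # "Redirect URI" registered on the Entra side

def check_config(cfg: MicrosoftIdpConfig, today: date, warn_days: int = 30) -> list:
    """Return the problems found; an empty list means the settings are consistent."""
    problems = []
    if not cfg.client_id.strip():
        problems.append("client ID is empty")
    # Entra compares the redirect URI exactly (scheme, host, port and path), so
    # any difference, even a trailing slash, makes the login round-trip fail.
    if cfg.callback_url != cfg.registered_redirect_uri:
        problems.append("callback URL does not match the registered redirect URI")
    parts = urlsplit(cfg.callback_url)
    if parts.scheme != "https":
        problems.append("callback URL must use https")
    if parts.path != "/commonauth":
        problems.append("callback URL path should be /commonauth")
    # The secret expires on the date chosen at creation; rotate it before then.
    if cfg.secret_expires_on <= today:
        problems.append("client secret has expired")
    elif cfg.secret_expires_on - today <= timedelta(days=warn_days):
        problems.append("client secret expires within %d days" % warn_days)
    return problems

# Constructed sample values (placeholders, not real credentials).
SAMPLE = MicrosoftIdpConfig(
    client_id="00000000-0000-0000-0000-000000000000",
    client_secret="<client-secret-placeholder>",
    secret_expires_on=date(2025, 1, 1),
    callback_url="https://localhost:9443/commonauth",
    registered_redirect_uri="https://localhost:9443/commonauth/",
)

if __name__ == "__main__":
    for problem in check_config(SAMPLE, today=date(2024, 12, 15)):
        print("problem:", problem)
```

The sample deliberately registers the Redirect URI with a trailing slash, which is the kind of mismatch that produces a redirect-URI error from Microsoft rather than a successful login.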
