2. Sign in to the WSO2 Identity Server [Management
7
+
# Configure Microsoft login as a federated authenticator
8
+
9
+
Microsoft login can be used as a federated authenticator in the
10
+
Identity Server.
11
+
12
+
Follow the steps given below to configure WSO2 Identity Server to
13
+
authenticate users with their Microsoft accounts.
14
+
15
+
## Register WSO2 Identity Server on Microsoft
16
+
17
+
You need to register WSO2 Identity Server as an OAuth2.0 application on Microsoft Entra ID.
18
+
19
+
!!! note
20
+
For detailed instructions, you can follow the [Microsoft documentation](https://learn.microsoft.com/en-us/entra/identity-platform/quickstart-register-app){:target="_blank"}.
21
+
22
+
1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com/){:target="_blank"} using an account with administrator permission.
23
+
24
+
!!! note
25
+
You must use an account in the same Microsoft 365 subscription (tenant) with which you intend to register the app.
26
+
27
+
2. Go to **Identity** > **Applications** > **App registrations** and select **New registration**.
28
+
29
+
3. Click **Add** and select **App registration** from the list.
30
+
31
+
4. Provide the required information for app registration.
32
+
33
+
{: width="600" style="display: block; margin: 0; border: 0.3px solid lightgrey;"}
34
+
35
+
<table>
36
+
<tr>
37
+
<th>Parameter</th>
38
+
<th>Description</th>
39
+
</tr>
40
+
<tr>
41
+
<td>Name</td>
42
+
<td>Enter a meaningful name for your application.</td>
43
+
</tr>
44
+
<tr>
45
+
<td>Supported Account Type</td>
46
+
<td>Select the supported account type. <br><b>Value: </b><code>Accounts in any organizational directory (Any Microsoft Entra ID tenant - Multitenant) and personal Microsoft accounts (e.g., Skype, Xbox)</code></td>
47
+
</tr>
48
+
<tr>
49
+
<td>Redirect URI</td>
50
+
<td>Select <b>Web</b> as the platform and provide the URL to redirect after the login is completed.<br><b>Value:</b> <code>{{product_url_format}}/commonauth</code></td>
51
+
</tr>
52
+
</table>
53
+
54
+
5. Click **Register** to create the application.
55
+
56
+
!!! note
57
+
Take note of the client ID after the application is created.
58
+
59
+
Now, let's generate a client secret for the application.
60
+
61
+
1. Go to **Certificates & secrets** on the left navigation and click **+ New client secret**.
62
+
2. Enter a description for the client secret and select the expiry time.
63
+
3. Click **Add** to add the client secret.
64
+
65
+
!!! note "Important"
66
+
Take note of the generated **Value**. Microsoft Entra will allow copying this value only once. This value is the newly generated client secret for your Microsoft connection in WSO2 Identity Server.
67
+
68
+
69
+
!!! tip "Before you register the Microsoft IdP"
70
+
71
+
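Review bot: Steps 2 and 3 of the registration list (new lines 27 and 29) describe the same action twice with different UI paths: step 2 already ends with "select **New registration**", and step 3 then says "Click **Add** and select **App registration** from the list". Keep whichever path matches the current Entra admin center and drop the other, so the reader reaches the form in step 4 by a single route. Separately, the Supported Account Type row (new line 46) prescribes the multitenant plus personal accounts option as the only value. It is worth a sentence stating that this accepts sign-ins from any Entra tenant and any personal Microsoft account, and that deployments meant for one organization should choose the single-tenant option instead. The client secret steps (new lines 61 to 63) ask for an expiry time but never mention that the secret must be replaced in the Identity Server connection before it expires. A short note there would save an outage.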
1. Sign in to the WSO2 Identity Server [Management
| Enable | Selecting this option enables Microsoft to be used as an authenticator for users provisioned to the Identity Server. | Selected |
44
102
| Default | Selecting the **Default** check box signifies that Microsoft is the main/default form of authentication. This removes the selection made for any other **Default** checkboxes for other authenticators. | Selected |
45
-
| Client Secret | This is the password from the Microsoft Live application. Click the **Show** button to view the value you enter. | 12ffb4dfb2fed67a00846b42126991f8 |
103
+
| Client Secret | This is the password from the Microsoft login application. Click the **Show** button to view the value you enter. | 12ffb4dfb2fed67a00846b42126991f8 |
46
104
| Callback URL | This is the URL to which the browser should be redirected after the authentication is successful. It should have this format: ` https://(host-name):(port)/acs `|[https://localhost:9443/commonauth](https://www.google.com/url?q=https%3A%2F%2Flocalhost%3A9443%2Fcommonauth&sa=D&sntz=1&usg=AFQjCNG7dB10sZ-F07Du9Q5fT-mVDMfobg)|
47
-
| Client Id | This is the username from the Microsoft Live application. | 1421263438188909 |
105
+
| Client Id | This is the username from the Microsoft login application. | 1421263438188909 |
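Review bot: The unchanged Callback URL row between the two edited rows still gives the format as `https://(host-name):(port)/acs`, while its own sample value and the Redirect URI added in the new registration section both end in `/commonauth`. Since this hunk already touches the table, fix the format string to match, and replace the sample link with the plain URL, because it currently points through a `https://www.google.com/url?q=...` redirect. The reworded rows also keep "password" and "username" for what the new section calls the client secret and client ID. Using the same terms in both places ("the client secret **Value** generated under Certificates & secrets", "the client ID noted after registration") would let the reader map the fields directly. The sample values in the Client Secret and Client Id rows look like real credentials; an obvious placeholder such as `<client-secret>` avoids anyone mistaking them for usable values or triggering secret scanners.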