
Microsoft

Set up Microsoft as a social login provider in SecureAuth Connect so users can sign in with their Microsoft account.

Register Microsoft as a provider

  1. In your workspace, go to Authentication > Providers.

  2. Click Create Connection.

  3. Filter by Social Providers and select Microsoft.

    Create Connection page showing available social providers

  4. Choose a registration mode:

    | Mode | Description |
    | --- | --- |
    | Embedded | Uses a client application registered by SecureAuth. No developer portal registration required. |
    | Bring your Own | Uses a client application registered by your organization. Requires registering an application in the Microsoft Entra admin center to obtain an Application (Client) ID and Client Secret. |

    Microsoft Configuration tab showing Embedded mode and Display order

Configuration

| Setting | Description |
| --- | --- |
| Name | Display name for this provider. Default: Microsoft. |
| Display order | Controls the position of this provider on the sign-in page. Default: 0. |

Use Try Sign-in to test the Microsoft sign-in flow. Use Delete Identity to remove this provider.

Microsoft sign-in page shown when testing with Try Sign-in

Attributes

Microsoft returns the following attributes after authentication:

| Connector name | Friendly name | Data type | Scope |
| --- | --- | --- | --- |
| name | Name | String | ID token |
| email | Email | String | ID token |
| preferred_username | Preferred username | String | ID token |
| givenName | Given name | String | User Info |
| surname | Surname | String | User Info |
| userPrincipalName | User principal name | String | User Info |
| displayName | Display name | String | User Info |
| preferred_language | Preferred language | String | User Info |
| mobilePhone | Mobile phone | String | User Info |
| jobTitle | Job title | String | User Info |

Microsoft returns attributes from both ID token and User Info scopes. It provides the richest set of business-context attributes among social providers, including jobTitle, mobilePhone, preferred_language, and userPrincipalName.

To add custom attributes, click + Add attribute.

Mappings

Default attribute mappings from Microsoft to the SecureAuth authentication context:

| Source | Microsoft source name | SecureAuth target name |
| --- | --- | --- |
| ID token | Name | Name |
| ID token | Email | Email |
| ID token | Preferred username | The primary username that represents the user |
| User Info | Given name | Given name |
| User Info | Surname | Family name |
| User Info | Mobile phone | Phone |

To customize, click + Add mapping or + Add static mapping.

Provisioning

Provisioning controls what happens when a user authenticates through Microsoft.

Disabled

Users are not persisted in the user store. Authentication succeeds but no user record is created.

Just-in-Time Provisioning

Users are persisted in the user store on first login.

Identifier Correlation
Maps the incoming Microsoft identity to an existing user. Default: Microsoft Email ↔ Users Email.

Attribute Provisioning
Maps Microsoft attributes to user profile fields. Defaults:

  • Email → Email
  • Given name → First name
  • Family name → Last name

Provisioning tab with Just-in-Time Provisioning selected, showing Identifier Correlation and Attribute Provisioning

Pre provisioning mode

Users must already exist in the user store before they can authenticate. New users are not auto-created at login; they must be added via an offline process.

Authentication flow control
Select what happens when no matching user is found:

  • Deny – Terminate the authentication flow.
  • Allow – Proceed with the authentication flow.

Identifier Correlation
Maps the incoming Microsoft identity to an existing user. Default: Microsoft Email ↔ Users Email.

Attribute Provisioning
Maps Microsoft attributes to user profile fields. Defaults:

  • Email → Email
  • Given name → First name
  • Family name → Last name

Provisioning tab with Pre provisioning mode selected, showing Authentication flow control and Attribute Provisioning
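
The default mappings and the three provisioning modes above, modeled in Python as an added example (not SecureAuth Connect code). The claim values, the dictionary user store, the exact-match correlation, the profile refresh on login and the denial when no email is returned are assumptions of this model; it shows that the mapped Email value alone decides which stored user a Microsoft sign-in is tied to.

```python
# Added illustration: models the page's default mappings and provisioning
# modes. Not SecureAuth Connect code; all claim values are constructed.

# (source, connector name) -> authentication-context name, per the Mappings table.
# "Username" is shorthand here for "the primary username that represents the user".
MAPPINGS = {
    ("id_token", "name"): "Name",
    ("id_token", "email"): "Email",
    ("id_token", "preferred_username"): "Username",
    ("userinfo", "givenName"): "Given name",
    ("userinfo", "surname"): "Family name",
    ("userinfo", "mobilePhone"): "Phone",
}
# Attribute Provisioning defaults: context name -> user profile field
PROFILE_FIELDS = {"Email": "Email", "Given name": "First name", "Family name": "Last name"}


def build_context(id_token, userinfo):
    """Apply the default mappings; attributes Microsoft did not return are skipped."""
    sources = {"id_token": id_token, "userinfo": userinfo}
    return {target: sources[src][attr]
            for (src, attr), target in MAPPINGS.items() if sources[src].get(attr)}


def provision(mode, context, user_store, on_no_match="deny"):
    """Return (outcome, record). user_store is a dict keyed by the Email field."""
    if mode == "disabled":
        return "authenticated", None          # login succeeds, nothing persisted
    email = context.get("Email")
    profile = {field: context[name] for name, field in PROFILE_FIELDS.items()
               if name in context}
    # Identifier Correlation default: Microsoft Email <-> Users Email.
    # Assumption: exact string match; the page does not describe normalization.
    record = user_store.get(email) if email else None
    if record is not None:
        record.update(profile)                # assumption: mapped fields refresh on login
        return "authenticated", record
    if mode == "jit" and email:
        user_store[email] = profile           # persisted on first login
        return "authenticated", profile
    if mode == "pre" and on_no_match == "allow":
        return "authenticated", None          # flow proceeds without a user record
    return "denied", None                     # pre/deny, or no email to correlate (assumption)


ID_TOKEN = {"name": "Ada Example", "email": "ada@example.com",
            "preferred_username": "ada@example.com"}
USERINFO = {"givenName": "Ada", "surname": "Example", "jobTitle": "Engineer"}
```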

Extensions

| Extension | Description |
| --- | --- |
| Post Authentication script | A server-side script that runs after Microsoft authentication completes. Click Manage Script to configure. |
| Post Authentication application | A custom application that receives a callback after Microsoft authentication completes. Click Manage Custom App to configure. |
