How To Set Up Your Own Microsoft App (OpenID Connect)
Log in to your Azure Portal.
Go to Azure Active Directory, and then go to App Registrations.
Click New Registration:
- Enter a name for your application (we recommend using your organization name)
- Select Single Tenant for the supported account types.
- Set the Redirect URI to:
Note: For the Microsoft Enterprise Provider, ensure that the supported account type is Single Tenant. This restricts login to accounts in your own tenant, whereas “Multitenant” allows any Microsoft account to log in.
- Click Register. After the application is created, take note of the Application (client) ID.
- Click on Endpoints, and copy down the following:
  - OAuth 2.0 authorization endpoint (v2)
  - OAuth 2.0 token endpoint (v2)
- Click on Certificates & Secrets, then click on New client secret, enter a description, set your desired expiry, and click Add.
- Set a reminder for yourself to replace this Secret before it expires. If the Secret expires, your users will no longer be able to log in with the provider.
- The Secret value is generated automatically; copy it down immediately. The value is hidden permanently once you navigate away from the page, so if it is lost you must generate a new Secret.
- Go to logonlabs.com
- Click Sign In and authenticate (or click Sign Up to create a new account, then authenticate).
- Navigate to Default Rules (or to Domain Rules, and open or create a domain module).
- Click on the Microsoft button under Enterprise Identity Providers
- Choose OpenID Connect.
- Click Add.
- Enter a name.
- Enter a description (optional).
- Enter the OAuth 2.0 Authorization Endpoint (v2) value from the Endpoints page in Azure.
- Enter the OAuth 2.0 Token Endpoint (v2) value from the Endpoints page in Azure.
- Enter the Application (client) ID from the Overview page in Azure.
- Enter the Client Secret that you generated and saved above.
- Click Add.
- Enable Microsoft by clicking the new entry in the Microsoft Identity Providers list.
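The values collected above (the two v2 endpoints, the Application (client) ID, the Client Secret and its expiry, and the Redirect URI) are easy to mis-copy, and the Single Tenant note matters: an endpoint under `/common/` or `/organizations/` accepts any Microsoft account. The following Python script is an added example, not part of this guide or of LogonLabs' own software. It sanity-checks such a configuration (tenant-specific v2.0 endpoints, GUID-shaped client ID, HTTPS redirect, a secret that is present and not about to expire) and builds the OpenID Connect authorization request the provider would redirect a user to. All identifiers in it are constructed placeholders, and the check thresholds (30-day expiry warning) and scopes are assumptions.

```python
"""Sanity-check an Azure AD (Microsoft identity platform) OpenID Connect client
configuration before entering it into an identity provider such as LogonLabs.

Added example with constructed placeholder values; not the guide's own code."""
import re
import secrets
from datetime import date, timedelta
from urllib.parse import urlencode, urlparse

# Tenant aliases that make the endpoint multitenant (any Microsoft account may sign in).
SHARED_TENANT_ALIASES = {"common", "organizations", "consumers"}
GUID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)
LOGIN_HOST = "login.microsoftonline.com"


def parse_v2_endpoint(endpoint):
    """Split a Microsoft identity platform v2.0 endpoint into (tenant, leaf).

    Accepts only https://login.microsoftonline.com/<tenant>/oauth2/v2.0/<leaf>,
    the shape of the "(v2)" URLs shown on the Azure Endpoints page.
    """
    parts = urlparse(endpoint)
    if parts.scheme != "https" or parts.netloc.lower() != LOGIN_HOST:
        raise ValueError(f"unexpected scheme or host in {endpoint!r}")
    segments = parts.path.strip("/").split("/")
    if len(segments) != 4 or segments[1:3] != ["oauth2", "v2.0"]:
        raise ValueError(f"not a v2.0 endpoint: {endpoint!r}")
    return segments[0], segments[3]


def check_config(cfg, today=None, warn_days=30):
    """Return a list of problems with an OIDC client config; [] means it looks right."""
    today = today or date.today()
    problems = []

    for key, leaf_wanted in (("authorization_endpoint", "authorize"),
                             ("token_endpoint", "token")):
        try:
            tenant, leaf = parse_v2_endpoint(cfg[key])
        except (KeyError, ValueError) as exc:
            problems.append(f"{key}: {exc}")
            continue
        if leaf != leaf_wanted:
            problems.append(f"{key}: ends in {leaf!r}, expected {leaf_wanted!r}")
        if tenant.lower() in SHARED_TENANT_ALIASES:
            # This is the multitenant case the guide warns about.
            problems.append(f"{key}: tenant {tenant!r} is multitenant; use your tenant ID")

    if not GUID_RE.match(cfg.get("client_id", "")):
        problems.append("client_id: not an Application (client) ID GUID")
    if not cfg.get("client_secret"):
        problems.append("client_secret: missing (copy the secret value, not the secret ID)")

    expires = cfg.get("secret_expires")  # a datetime.date, or None if unknown
    if expires is None:
        problems.append("secret_expires: unknown; record the expiry so the secret is rotated in time")
    elif expires <= today:
        problems.append("secret_expires: secret has expired; users can no longer sign in")
    elif expires - today <= timedelta(days=warn_days):
        problems.append(f"secret_expires: expires in {(expires - today).days} days; rotate soon")

    if urlparse(cfg.get("redirect_uri", "")).scheme != "https":
        problems.append("redirect_uri: must be an https URL")
    return problems


def build_authorization_url(cfg, state=None, nonce=None):
    """Build the OIDC authorization-code request a user would be redirected to."""
    params = {
        "client_id": cfg["client_id"],
        "response_type": "code",
        "redirect_uri": cfg["redirect_uri"],
        "response_mode": "query",
        "scope": "openid profile email",              # assumed scopes for a login-only flow
        "state": state or secrets.token_urlsafe(16),   # binds the callback to this request
        "nonce": nonce or secrets.token_urlsafe(16),   # must be echoed back in the ID token
    }
    return f"{cfg['authorization_endpoint']}?{urlencode(params)}"


# Constructed sample configuration: placeholder tenant, client ID and secret.
TENANT_ID = "11111111-2222-3333-4444-555555555555"
SAMPLE_CONFIG = {
    "authorization_endpoint": f"https://{LOGIN_HOST}/{TENANT_ID}/oauth2/v2.0/authorize",
    "token_endpoint": f"https://{LOGIN_HOST}/{TENANT_ID}/oauth2/v2.0/token",
    "client_id": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
    "client_secret": "placeholder-secret-value",
    "redirect_uri": "https://example.com/oidc/callback",
    "secret_expires": date(2099, 1, 1),
}

if __name__ == "__main__":
    for line in check_config(SAMPLE_CONFIG) or ["configuration looks correct"]:
        print(line)
    print(build_authorization_url(SAMPLE_CONFIG))
```

Running the script with `SAMPLE_CONFIG` reports no problems; swapping the tenant GUID in either endpoint for `common` produces the multitenant warning, and a v1 endpoint (no `/v2.0/` segment) is rejected outright, which catches the most common copy mistakes from the Azure Endpoints page before a user ever sees a login error.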