Microsoft Account Provider
To allow users to sign in with a Microsoft Personal Account:
- Set up and configure an App on the Azure portal
- Activate the Microsoft Account Provider (see Activate an Account Provider)
- Set the configuration parameters on the Microsoft Account Provider
Configure a Microsoft App
- Sign in to the Azure portal using either a work or school account or a personal Microsoft account.
- If your account gives you access to more than one tenant, select your account in the top right corner, and set your portal session to the Entra ID tenant that you want.
- In the left-hand navigation pane, select the Azure Active Directory service, and then select App registrations (Preview) > New registration.
- When the Register an application page appears, enter your application's registration information.
- In Redirect URI type https://www.theidentityhub.com/{tenant}/authenticate/processaccountproviderresponse.
- Click Register.
- Make a note of the Application Id.
- In the left navigation click Certificates & secrets.
- Click New Client Secret and make a note of the Client Secret.
- In the left navigation click API permissions.
- Click Add a permission and add the following: Contacts.Read, User.Read and User.ReadBasic.All.
For more information, see Register an application with the Microsoft identity platform.
Specific configuration parameters for the Microsoft Account Provider
Parameter | Description |
---|---|
Application Id | The Application Id of the Microsoft App created on the Azure portal. (see Configure a Microsoft App) |
Password | The Password (the Client Secret) of the Microsoft App created on the Azure portal. (see Configure a Microsoft App) |
Default Scopes | The scopes that The Identity Hub will request when a user signs in. (see Default Scopes) |
Scopes | Additional scopes that you want to be requested. Currently this has no further implication. |
Note
As of TIH version 1.62 the use of the Microsoft Graph API is enforced for all new Microsoft account providers.
As of TIH version 1.71 the references to the obsolete Microsoft Live SDK are removed.
Default Scopes
Scope | Description | Required/Optional |
---|---|---|
wl.signin (User.Read) | To be able to sign in. | Required |
wl.basic (User.Read and Contacts.Read) | Read access to a user's basic profile info. Also enables read access to a user's list of contacts. | Optional |
wl.offline_access (User.Read) | The ability for an app to read and update a user's info at any time. | Required |
wl.emails (User.ReadBasic.All) | Read access to a user's personal, preferred, and business email addresses. | Optional |
Optional scopes can be unchecked. Information related to these scopes will then not be available to The Identity Hub.
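The following check is an added example, not part of The Identity Hub or its documentation. It compares the Default Scopes enabled on the provider with the API permissions granted to the Microsoft App and validates the Redirect URI against the pattern given above. It assumes that a permission which no enabled scope maps to in the table can be removed from the App; the function name `audit` is hypothetical.

```python
from urllib.parse import urlsplit

# Scope -> Microsoft Graph permissions, copied from the Default Scopes table.
SCOPE_PERMISSIONS = {
    "wl.signin": {"User.Read"},
    "wl.basic": {"User.Read", "Contacts.Read"},
    "wl.offline_access": {"User.Read"},
    "wl.emails": {"User.ReadBasic.All"},
}
KNOWN_SCOPES = set(SCOPE_PERMISSIONS)
REQUIRED_SCOPES = {"wl.signin", "wl.offline_access"}
REDIRECT_PATH = "/{tenant}/authenticate/processaccountproviderresponse"


def audit(enabled_scopes, granted_permissions, redirect_uri, tenant):
    """Return a list of findings; an empty list means the setup is consistent."""
    findings = []
    enabled = set(enabled_scopes)
    granted = set(granted_permissions)

    for scope in sorted(enabled - KNOWN_SCOPES):
        findings.append(f"unknown scope: {scope}")
    for scope in sorted(REQUIRED_SCOPES - enabled):
        findings.append(f"required scope not enabled: {scope}")

    # Union of the permissions behind every enabled scope.
    needed = set()
    for scope in enabled & KNOWN_SCOPES:
        needed |= SCOPE_PERMISSIONS[scope]
    for perm in sorted(needed - granted):
        findings.append(f"permission missing on the app: {perm}")
    # Assumption: a permission no enabled scope maps to is surplus.
    for perm in sorted(granted - needed):
        findings.append(f"permission granted but unused: {perm}")

    # The registered URI must carry the real tenant name, not the placeholder.
    parts = urlsplit(redirect_uri)
    expected_path = REDIRECT_PATH.replace("{tenant}", tenant)
    if parts.scheme != "https" or parts.netloc != "www.theidentityhub.com":
        findings.append("redirect URI must start with https://www.theidentityhub.com/")
    if parts.path != expected_path or parts.query or parts.fragment:
        findings.append(f"redirect URI path should be exactly {expected_path}")
    return findings
```

With only the two required scopes enabled, the check reports Contacts.Read and User.ReadBasic.All as granted but unused, which is the least-privilege consequence of unchecking the optional scopes.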
Related
Amazon Account Provider
Activate an Account Provider
Built-in Username and Password Account Provider
Custom Account Providers
Facebook Account Provider
GitHub Account Provider
Google Account Provider
Instagram Account Provider
LinkedIn Account Provider
myID.be Account Provider
Office 365 Account Provider
OpenID Connect Account Provider
PayPal Account Provider
SAML-P Account Provider
StackExchange Account Provider
Twitter Account Provider
WS-Federation Account Provider