    Office 365 Account Provider

    To allow users to sign in with your Office 365 subscription:

    • Set up and configure an App in the Office 365 Azure AD tenant
    • Activate an Office 365 Account Provider (see Activate an Account Provider)
    • Set the configuration parameters on the Office 365 Account Provider

    Configure an App in the Office 365 Azure AD tenant

    1. Log in to the Azure AD portal tenant of your Office 365 subscription.
    2. On the left side, click All services and, in the Filter, type Azure Active Directory.
    3. From the Azure Active Directory blade select App Registrations.
    4. Click New registration.
    5. In Name type a unique display name for the application.
    6. Select the preferred Supported account type. When selecting Multitenant, app approval by an admin might be required in the other tenants.
    7. Under Redirect URI select Web and enter https://www.theidentityhub.com/{tenant}/authenticate/processaccountproviderresponse.
    8. Click Register.
    9. Make a note of the Application (client) ID.
    10. On the left: click Certificates & secrets.
    11. Click New client secret.
    12. In Description type The Identity Hub and select an Expiration.
    13. Click Add.
    14. Make a note of the VALUE; you will need it as the App Password later on.
    15. On the left: click API permissions.
    16. Click Add a permission and select Microsoft Graph.
    17. Click Delegated permissions and scroll down to User.
    18. Check User.Read.
    19. Click Add permissions.
    20. Click Grant admin consent for [AZURE AD TENANT NAME] (requires administrator rights).
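
Once registered, the app can be checked against steps 7, 12 and 16-18. This is an added example, not part of The Identity Hub documentation: it audits an application object in the shape Microsoft Graph returns (for instance from `az ad app show`). The `contoso` tenant name and both sample objects are constructed for illustration.

```python
from datetime import datetime, timezone

GRAPH_APP_ID = "00000003-0000-0000-c000-000000000000"  # Microsoft Graph resource
USER_READ_ID = "e1fe6dd8-ba31-4d61-89e7-88639da4683d"  # delegated User.Read scope
REDIRECT = "https://www.theidentityhub.com/{tenant}/authenticate/processaccountproviderresponse"

def audit_app(app, tenant, now=None):
    """Compare an application object with the steps above; return a list of findings."""
    now = now or datetime.now(timezone.utc)
    findings = []
    expected = REDIRECT.format(tenant=tenant)
    uris = app.get("web", {}).get("redirectUris", [])
    if expected not in uris:
        findings.append("redirect URI from step 7 is missing")
    # Any additional redirect URI is another place authorization codes can be sent.
    findings += [f"unexpected redirect URI: {u}" for u in uris if u != expected]
    # Steps 16-18 request exactly one permission: delegated User.Read on Microsoft Graph.
    for res in app.get("requiredResourceAccess", []):
        for perm in res.get("resourceAccess", []):
            wanted = (res.get("resourceAppId"), perm.get("id"), perm.get("type"))
            if wanted != (GRAPH_APP_ID, USER_READ_ID, "Scope"):
                findings.append(f"permission beyond User.Read: {perm.get('id')} ({perm.get('type')})")
    # Step 12 sets an expiration on the client secret; flag secrets already past it.
    for cred in app.get("passwordCredentials", []):
        end = datetime.strptime(cred["endDateTime"][:19], "%Y-%m-%dT%H:%M:%S")
        if end.replace(tzinfo=timezone.utc) <= now:
            findings.append(f"client secret expired: {cred.get('displayName')}")
    return findings

# Constructed sample objects (not real tenant data); "contoso" is a placeholder tenant name.
GOOD_APP = {
    "web": {"redirectUris": [REDIRECT.format(tenant="contoso")]},
    "requiredResourceAccess": [{"resourceAppId": GRAPH_APP_ID,
        "resourceAccess": [{"id": USER_READ_ID, "type": "Scope"}]}],
    "passwordCredentials": [{"displayName": "The Identity Hub",
                             "endDateTime": "2030-01-01T00:00:00Z"}],
}
DRIFTED_APP = {
    "web": {"redirectUris": GOOD_APP["web"]["redirectUris"] + ["http://localhost/callback"]},
    "requiredResourceAccess": [{"resourceAppId": GRAPH_APP_ID, "resourceAccess": [
        {"id": USER_READ_ID, "type": "Scope"},
        {"id": "11111111-1111-1111-1111-111111111111", "type": "Role"}]}],  # constructed id
    "passwordCredentials": [{"displayName": "The Identity Hub",
                             "endDateTime": "2020-01-01T00:00:00Z"}],
}

if __name__ == "__main__":
    for name, app in (("good", GOOD_APP), ("drifted", DRIFTED_APP)):
        print(name, audit_app(app, "contoso"))
```

An empty list means the registration still matches the steps; each finding names the redirect URI, permission or secret that has drifted from them.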

    Specific configuration parameters for the Office 365 Account Provider

    Parameter       Description
    App ID          The Application (client) ID of the App created on the Azure Portal (see Configure an App in the Office 365 Azure AD tenant).
    App Password    The client secret VALUE of the App created on the Azure Portal (see Configure an App in the Office 365 Azure AD tenant).

    Claim Mappings

    By default, no incoming claims are mapped except:

    • http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
    • http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname
    • http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress

    To map all incoming claims (even those not specified in the claim mappings) uncheck Remove all incoming claims that are not mapped.

    See the Claim Mappings page for a more detailed explanation.

    Related

    Amazon Account Provider
    Activate an Account Provider
    Built-in Username and Password Account Provider
    Custom Account Providers
    Facebook Account Provider
    GitHub Account Provider
    Google Account Provider
    Instagram Account Provider
    LinkedIn Account Provider
    Microsoft Account Provider
    myID.be Account Provider
    PayPal Account Provider
    SAML-P Account Provider
    StackExchange Account Provider
    Twitter Account Provider
    WS-Federation Account Provider
