Microsoft EAM Integration Kit

Registering an OAuth client for Microsoft Entra ID

Register an OAuth Client for Microsoft Entra ID in PingFederate.

Learn more in Configuring OAuth clients.

Steps

  1. Go to Applications > OAuth Clients.

  2. In the Client Authentication section, select None.

  3. In the Redirect URIs section, in the Redirection URIs field, enter https://login.microsoftonline.com/common/federation/externalauthprovider and click Add.

  4. Select the Bypass Authorization Approval checkbox.

  5. In the Allowed Grant Types section, select Implicit.

    Implicit is the only supported grant type for this integration.

  6. Confirm that id_token is a valid response type.

  7. In the Default Access Token Manager list, select the ATM that you configured in Configuring an access token manager.

  8. In the OpenID Connect section, in the Policy list, select the OIDC policy that you configured in Adjusting the OIDC policy configuration.
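The following check is an added example, not part of the integration kit or its documentation. It audits an exported client definition against steps 2 through 8. The JSON field names and enum values (`clientAuth`, `redirectUris`, `grantTypes`, `bypassApprovalPage`, `restrictedResponseTypes`, `defaultAccessTokenManagerRef`, `oidcPolicy`) are assumptions modelled on a PingFederate administrative API export, so adjust them to match your own export.

```python
ENTRA_REDIRECT = "https://login.microsoftonline.com/common/federation/externalauthprovider"

def audit_client(client):
    """Return findings for an exported client; an empty list matches steps 2-8."""
    findings = []
    if client.get("clientAuth", {}).get("type") != "NONE":
        findings.append("client authentication is not None")
    # With no client secret and the implicit grant, the redirect URI allow-list
    # is the only control over where the id_token is delivered: exact match only.
    for uri in client.get("redirectUris", []):
        if uri != ENTRA_REDIRECT:
            findings.append(f"unexpected redirect URI: {uri}")
    if ENTRA_REDIRECT not in client.get("redirectUris", []):
        findings.append("Entra ID redirect URI is missing")
    if client.get("bypassApprovalPage") is not True:
        findings.append("Bypass Authorization Approval is not selected")
    if "IMPLICIT" not in client.get("grantTypes", []):
        findings.append("Implicit grant type is not allowed")
    extra = sorted(set(client.get("grantTypes", [])) - {"IMPLICIT"})
    if extra:
        findings.append("extra grant types: " + ", ".join(extra))
    # Assumption: an empty or missing list means response types are unrestricted.
    allowed = client.get("restrictedResponseTypes") or []
    if allowed and "id_token" not in allowed:
        findings.append("id_token is not a valid response type")
    if not client.get("defaultAccessTokenManagerRef", {}).get("id"):
        findings.append("no default access token manager selected")
    if not client.get("oidcPolicy", {}).get("policyGroup", {}).get("id"):
        findings.append("no OIDC policy selected")
    return findings

# Constructed sample exports; the IDs are placeholders, not values from the page.
GOOD = {
    "clientId": "entra-eam-placeholder",
    "clientAuth": {"type": "NONE"},
    "redirectUris": [ENTRA_REDIRECT],
    "bypassApprovalPage": True,
    "grantTypes": ["IMPLICIT"],
    "restrictedResponseTypes": ["id_token"],
    "defaultAccessTokenManagerRef": {"id": "atm-placeholder"},
    "oidcPolicy": {"policyGroup": {"id": "oidc-policy-placeholder"}},
}
DRIFTED = dict(GOOD, redirectUris=[ENTRA_REDIRECT, "https://*.example.com/cb"],
               grantTypes=["IMPLICIT", "AUTHORIZATION_CODE"], bypassApprovalPage=False)

if __name__ == "__main__":
    for name, cfg in (("good", GOOD), ("drifted", DRIFTED)):
        print(name, audit_client(cfg) or "OK")
```
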

Next steps

When configuring the OAuth Client details in Microsoft Entra ID, you must configure a redirect_uri. Use PingFederate’s authorization endpoint URL: https://{pingfederate}/as/authorization.oauth2.