Microsoft Login Integration Kit

Microsoft IdP Adapter settings reference

Field descriptions for the Microsoft IdP Adapter configuration screen.

Table 1. Standard fields
Field Name Description

Supported Account Types

The type of accounts that users can sign in with. The single tenant and multitenant options support organizational accounts from a school or work directory. Personal accounts are not associated with an organization.

Do one of the following:

The default selection is Personal accounts only.

Single Tenant ID

If you selected Single tenant for Supported Account Types, enter the Directory (tenant) ID that you noted in Registering PingFederate as an application in Azure.

Otherwise, leave this field blank.

This field is blank by default.

Client ID

The Application (client) ID that you noted in Registering PingFederate as an application in Azure.

Client Secret

The client secret Value that you noted in Registering PingFederate as an application in Azure.

Authorization Callback Endpoint

The PingFederate endpoint that Microsoft uses to respond to authorization requests. If you set a custom endpoint in the Redirect URI field in Registering PingFederate as an application in Azure, change this field to match.

The default value is:

/microsoft-authn

Error Redirect URL

The URL that PingFederate redirects the user to when the adapter encounters an error. A blank value shows the default error page.

Unauthorized Redirect URL

The URL that PingFederate redirects to when the user does not authorize Microsoft to share their information. A blank value shows the default error page.

Table 2. Advanced fields
Field Name Description

Include Login Hint

If selected, the incoming User Id value (if provided) is sent as a login_hint query string parameter value to Microsoft. Microsoft uses this value to pre-fill the Username field on the Microsoft user sign-on page.

Include Prompt

If selected, PingFederate automatically maps and sends the standard PingFederate-supported OIDC prompt parameter as the prompt parameter value in the authorization request to Microsoft.

This applies only if PingFederate receives the prompt parameter through an authentication policy that has a value of consent or login.

To send other values in the authorization request, use the Additional Parameters table and provide the value in an incoming chained attribute. Learn more in step 3 of Configuring an adapter instance.

Microsoft Login Base URL

The base URL used by Microsoft for any authentication calls.

The default value is:

https://login.microsoftonline.com/

Microsoft Authorization Endpoint

The endpoint used to request an authorization code from Microsoft.

The default value is:

/oauth2/v2.0/authorize

Microsoft Token Endpoint

The endpoint used to retrieve an access token from Microsoft.

The default value is:

/oauth2/v2.0/token

Microsoft Logout Endpoint

The logout endpoint used by Microsoft to end the user’s session.

The default value is:

/oauth2/v2.0/logout

Microsoft User Info URL

The URL used to retrieve Microsoft user data.

The default value is:

https://graph.microsoft.com/v1.0/me

Scopes

Comma-separated scopes to request from Microsoft.

The default value is:

openid

Microsoft Sign-on Presentation

Determines how the user is directed to Microsoft for authentication. Automatic redirects are blocked by some browsers. If you select Pop-up and are not using PingFederate in authentication API mode, the adapter presents a template file.

Options include:

  • Redirect

  • Pop-up window

Microsoft Pop-up Template

The template file that presents the Microsoft sign-on form. Applies only when Microsoft Sign-on Presentation is set to Pop-up window.

The default value is:

microsoft-pop-up-template.html

Microsoft Post Auth Template

The template file that the adapter presents after the user signs on. Applies only when Microsoft Sign-on Presentation is set to Pop-up window.

The default value is:

microsoft-post-auth-template.html

Microsoft Messages File

The language-pack file associated with Microsoft Pop-up Template.

The default value is:

pingfederate-microsoft-adapter-messages

Retry Request

Retries the request if the API call fails with one of the configured error codes.

Options include:

  • selected

  • not selected

Maximum Retries Limit

Determines how many times PingFederate will retry a request.

The default value is 5.

Retry Error Codes

Determines which response codes are considered failures.

The default value is 403.

API Request Timeout

The amount of time in milliseconds that PingFederate allows when establishing a connection with Azure or waiting for a response to a request. A value of 0 disables the timeout.

The default value is 5000.

Proxy Settings

Defines proxy settings for outbound HTTP requests.

The default value is System Defaults.

Custom Proxy Host

The proxy server host name to use when Proxy Settings is set to Custom.

This field is blank by default.

Custom Proxy Port

The proxy server port to use when Proxy Settings is set to Custom.

This field is blank by default.
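
Added example (not part of the original documentation and not the adapter's own code): a Python model of the authorization request that the settings above describe, useful for checking what should appear in a browser trace or an Azure sign-in log. The dictionary keys, the `build_authorize_url` helper, the host names and the GUIDs are hypothetical. The `consumers` and `organizations` path segments and the `state` parameter come from the Microsoft identity platform and OAuth 2.0, not from this page.

```python
import re
from urllib.parse import urlencode, urlsplit

GUID = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")
# Tenant path segments defined by the Microsoft identity platform (assumption: not from this page).
TENANT_SEGMENT = {"personal": "consumers", "multitenant": "organizations"}

def build_authorize_url(cfg, redirect_uri, state, user_id=None, prompt=None):
    """Compose an authorization request from adapter-style settings (hypothetical keys)."""
    base = cfg.get("login_base_url", "https://login.microsoftonline.com/")
    if urlsplit(base).scheme != "https":
        raise ValueError("Microsoft Login Base URL must use https")
    account_type = cfg.get("account_type", "personal")  # page default: Personal accounts only
    tenant_id = cfg.get("single_tenant_id") or ""
    if account_type == "single_tenant":
        if not GUID.fullmatch(tenant_id):
            raise ValueError("Single Tenant ID must be the Directory (tenant) ID GUID")
        tenant = tenant_id
    elif tenant_id:
        raise ValueError("Single Tenant ID must be blank unless Single tenant is selected")
    else:
        tenant = TENANT_SEGMENT[account_type]
    # The Scopes field is comma-separated; OAuth 2.0 sends scopes space-separated.
    scopes = [s.strip() for s in cfg.get("scopes", "openid").split(",") if s.strip()]
    params = {
        "client_id": cfg["client_id"],
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "scope": " ".join(scopes),
        "state": state,
    }
    if cfg.get("include_login_hint") and user_id:
        params["login_hint"] = user_id
    # Include Prompt forwards only the values consent and login.
    if cfg.get("include_prompt") and prompt in ("consent", "login"):
        params["prompt"] = prompt
    endpoint = cfg.get("authorization_endpoint", "/oauth2/v2.0/authorize")
    return base.rstrip("/") + "/" + tenant + endpoint + "?" + urlencode(params)

# Constructed sample values; the GUIDs and host name are placeholders.
SAMPLE = {
    "account_type": "single_tenant",
    "single_tenant_id": "00000000-0000-0000-0000-000000000001",
    "client_id": "11111111-1111-1111-1111-111111111111",
    "include_login_hint": True, "include_prompt": True,
    "scopes": "openid, profile",
}
URL = build_authorize_url(SAMPLE, "https://pf.example.com/microsoft-authn",
                          "constructed-state", "alice@example.com", "none")
```

In the sample call the `prompt` value `none` is dropped, because only `consent` and `login` are forwarded.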