--- title: Microsoft IdP Adapter settings reference description: Field descriptions for the Microsoft IdP Adapter configuration screen. component: microsoft-login page_id: microsoft-login:setup:pf_microsoft_login_ik_idp_adapter_settings_reference canonical_url: https://docs.pingidentity.com/integrations/microsoft-login/setup/pf_microsoft_login_ik_idp_adapter_settings_reference.html revdate: September 17, 2025 --- # Microsoft IdP Adapter settings reference Field descriptions for the Microsoft IdP Adapter configuration screen. > **Collapse: Standard fields** > > | Field Name | Description | > | ----------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | > | **Supported Account Types** | The type of accounts that users can sign on with. The **Single tenant** and **Multitenant** options support organizational accounts from a school or work directory. Personal accounts are not associated with an organization.Do one of the following:- For standard configurations, select **Personal accounts only**. > > - For advanced configurations, if you selected a different option in [Registering PingFederate as an application in Entra ID](pf_microsoft_login_ik_registering_pf_as_an_application_in_azure.html), make the same selection here.The default selection is **Personal accounts only**. | > | **Single Tenant ID** | If you selected **Single tenant** for **Support Account Types**, enter the **Directory (tenant) ID** that you noted in [Registering PingFederate as an application in Entra ID](pf_microsoft_login_ik_registering_pf_as_an_application_in_azure.html). Otherwise, leave this field blank.This field is blank by default. | > | **Client ID** | The **Application (client) ID** that you noted in [Registering PingFederate as an application in Entra ID](pf_microsoft_login_ik_registering_pf_as_an_application_in_azure.html). | > | **Client Secret** | The client secret **Value** that you noted in [Registering PingFederate as an application in Entra ID](pf_microsoft_login_ik_registering_pf_as_an_application_in_azure.html). | > | **Error Redirect URL** | The URL that PingFederate redirects the user to when the adapter encounters an error.If this field is blank, the adapter shows the default error page. | > | **Unauthorized Redirect URL** | The URL that PingFederate redirects to when the user doesn't authorize Microsoft to share their information.If this field is blank, the adapter shows the default error page. | > **Collapse: Advanced fields** > > | Field Name | Description | > | ------------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | > | **Include Login Hint** | If selected, the incoming **User Id** value (if provided) is sent as a **login\_hint** query string parameter value to Microsoft.Microsoft uses this value to pre-fill the **Username** field on the Microsoft user sign-on page. | > | **Include Prompt** | If selected, PingFederate automatically maps and sends the standard PingFederate-supported OIDC prompt parameter as the **prompt** parameter value in the authorization request to Microsoft. This applies only if PingFederate receives the prompt parameter through an authentication policy that has a value of consent or login.To send other values in the authorization request, use the **Additional Parameters** table and provide the value in an incoming chained attribute. Learn more in step 3 of [Configuring an adapter instance](pf_microsoft_login_ik_configuring_an_adapter_instance.html). | > | **Microsoft Login Base URL** | The base URL Microsoft uses for any authentication calls. The default value is:```none > https://login.microsoftonline.com/ > ``` | > | **Authorization Callback Endpoint** | The PingFederate endpoint that Microsoft uses to respond to authorization requests. The default value is:```none > /microsoft-authn > ``` If you set a custom endpoint in the Redirect URI field in Registering PingFederate as an application in Entra ID, change this field to match. | > | **Microsoft Authorization Endpoint** | The endpoint used to request an authorization code from Microsoft. The default value is:```none > /oauth2/v2.0/authorize > ``` | > | **Microsoft Token Endpoint** | The endpoint Microsoft uses to retrieve an access token. The default value is:```none > /oauth2/v2.0/token > ``` | > | **Microsoft Logout Endpoint** | The logout endpoint Microsoft uses to end the user's session. The default value is:```none > /oauth2/v2.0/logout > ``` | > | **Microsoft User Info URL** | The URL used to retrieve Microsoft user data. The default value is:```none > https://graph.microsoft.com/v1.0/me > ``` | > | **Scopes** | A list of comma-separated scopes to request from Microsoft. The default value is:```none > openid, User.Read > ``` You must add the User.Read scope. | > | **Microsoft Sign-on Presentation** | Determines how the user is directed to Microsoft for authentication. Options include:- **Redirect** > > - **Pop-up window** Some browsers block automatic redirects. If you select Pop-up window and aren't using PingFederate in authentication API mode, the adapter presents a template file. | > | **Microsoft Pop-up Template** | The template file that presents the Microsoft sign-on form. Applies only when Microsoft Sign-on Presentation is set to Pop-up window\.The default value is:```none > microsoft-pop-up-template.html > ``` | > | **Microsoft Post Auth Template** | The template file that the adapter presents after the user signs on. Applies only when Microsoft Sign-on Presentation is set to Pop-up window\.The default value is:```none > microsoft-post-auth-template.html > ``` | > | **Microsoft Messages File** | The language-pack file associated with **Microsoft Pop-up Template**.The default value is:```none > pingfederate-microsoft-adapter-messages > ``` | > | **Retry Request** | Select this checkbox to retry a request if the API fails with error codes configured. | > | **Maximum Retries Limit** | Determines how many times PingFederate will retry a request.The default value is `5`. | > | **Retry Error Codes** | Determines which response codes are considered failures.The default value is `403`. | > | **API Request Timeout** | The amount of time in milliseconds that PingFederate allows when establishing a connection with Entra ID or waiting for a response to a request. A value of 0 disables the timeout.The default value is `5000`. | > | **Proxy Settings** | Defines proxy settings for outbound HTTP requests.The default value is **System Defaults**. | > | **Custom Proxy Host** | The proxy server host name to use when **Proxy Settings** is set to **Custom**.This field is blank by default. | > | **Custom Proxy Port** | The proxy server port to use when **Proxy Settings** is set to **Custom**.This field is blank by default. |