--- title: Registering PingFederate as an application in Entra ID description: To allow PingFederate to process social sign-on requests with Microsoft, add PingFederate as an OAuth application in the Entra ID (formerly Microsoft Azure) portal. component: microsoft-login page_id: microsoft-login:setup:pf_microsoft_login_ik_registering_pf_as_an_application_in_azure canonical_url: https://docs.pingidentity.com/integrations/microsoft-login/setup/pf_microsoft_login_ik_registering_pf_as_an_application_in_azure.html revdate: September 2, 2025 section_ids: steps: Steps --- # Registering PingFederate as an application in Entra ID To allow PingFederate to process social sign-on requests with Microsoft, add PingFederate as an OAuth application in the Entra ID (formerly Microsoft Azure) portal. You can find more information in [Register an application](https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app//) in the Microsoft Entra ID documentation. ## Steps 1. Sign on to the [Microsoft Entra ID admin center](https://entra.microsoft.com/) and go to the tenant you want to register the application in. To ensure you have the correct permissions for creating an application, you must use an account that has at least the [Application Developer](https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/permissions-reference#application-developer) role. 2. Go to **Entra ID > App registrations**. Click **New registration**. 3. On the **Register an application** page: 1. In the **Name** field, enter a name for the application. 2. In the **Supported account types** section, select the account types that have permission to access the application. The default selection is **Personal Microsoft accounts only**. | | | | - | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | Advanced configurations can provide access to organizational accounts in addition to, or instead of, personal Microsoft accounts. Learn more about the available options in [Register an application](https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app//) in the Microsoft documentation.Note that each individual organization must have `User.Read.All` set in its API permissions. External organizations might not have this set.Remember your **Support account types** selection. You'll make the same selection in [Microsoft IdP Adapter settings reference](pf_microsoft_login_ik_idp_adapter_settings_reference.html). | 3. In the **Redirect URI** section, select **Web** and enter the PingFederate **Authorization Callback Endpoint**. The default value is `https://:/ext/microsoft-authn`. | | | | - | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | If you set a custom value here, write it down. You'll use it again in [Microsoft IdP Adapter settings reference](pf_microsoft_login_ik_idp_adapter_settings_reference.html).You can find more information about redirect URI configuration in [Add a redirect URI](https://learn.microsoft.com/en-us/entra/identity-platform/how-to-add-redirect-uri) in the Microsoft Entra ID documentation. | 4. Click **Register**. 4. On the application **Overview** page, in the **Essentials** section, note the **Application (client) ID**. If you selected the **Single tenant** option for **Supported Account Types**, also note the **Directory (tenant) ID**. | | | | - | ------------------------------------------------------------------------------------------------------------------------------------- | | | You'll use this information in [Microsoft IdP Adapter settings reference](pf_microsoft_login_ik_idp_adapter_settings_reference.html). | 5. Add a client secret: 1. Go to the **Certificates & secrets** page, click the **Client secrets** tab, then click **+ New client secret**. 2. On the **Add a client secret** page, in the **Description** field, enter a meaningful description. 3. In the **Expires** list, select an expiration period, then click **Add**. | | | | - | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | | Microsoft recommends that you set an expiration value of less than 12 months. Learn more in [Add a client secret](https://learn.microsoft.com/en-us/entra/identity-platform/how-to-add-credentials?tabs=client-secret) in the Microsoft documentation. | ![Screen capture of the Certificates and secrets page with the Certificates & secrets section in the menu highlighted along with the New client secret button and the Value field.](_images/ms_login_ik_add_a_client_secret.png) 4. Note the client secret **Value**. | | | | - | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | The secret value is never displayed again after you leave this page.You'll use this information in [Microsoft IdP Adapter settings reference](pf_microsoft_login_ik_idp_adapter_settings_reference.html). |