PingOne

Creating an external authentication method in Microsoft Entra

After creating the OIDC application in PingOne and copying the application ID, OIDC discovery endpoint, and client ID, create an EAM in Microsoft Entra.

Steps

  1. Go to the Microsoft Entra admin center.

  2. On the left, go to Protection > Authentication methods.

  3. Click App external method.

  4. Enter the following:

    1. Name: Enter a name for the EAM.

    2. Client ID: Enter your PingOne application’s client ID that you copied earlier.

    3. Discovery Endpoint: Enter the OIDC Discovery Endpoint that you copied earlier. The format is <issuer>/.well-known/openid-configuration.

    4. App ID: Enter the ID of the Microsoft Entra application that you copied previously. You can find the application ID in the Microsoft Entra admin center.

  5. Click Request permission.

    The browser opens a new window for you to sign on with your Microsoft Entra admin credentials.

  6. Review the requested permissions and click Accept if you agree.

  7. In the Enable and target section, configure whether you want to include a subset of your users or all users.

  8. Click the Enable toggle to enable the EAM.