To allow PingFederate to process social sign-on requests with Microsoft, add PingFederate as an OAuth application in the Azure portal.
- Sign on to the Microsoft Azure portal and go to Azure Active Directory.
- Go to Manage > App registrations. Click New registration.
- On the Register an application page, in the Name field, enter a name for the application.
- In the Supported Account Types section, select Personal Microsoft accounts only.
Tip:
Advanced configurations can provide access to organizational accounts in addition to, or instead of, personal Microsoft accounts. For help, click Help me choose and see Register an application in the Microsoft documentation. Note that each individual organization must have User.Read.All set in its API permissions; external organizations might not have this set.
Remember your Supported Account Types selection. You'll make the same selection in Configuring an adapter instance.
- In the Redirect URI section, select Web and enter https://pf_host:pf_port/ext/microsoft-authn, where pf_host and pf_port are the host name and runtime port of your PingFederate server. Microsoft only redirects to a URI that matches the registered value exactly.
If you set a custom value here, write it down. You'll use it again in Configuring an adapter instance.
For more information, see Add a redirect URI in the Microsoft Azure documentation.
- Click Register.
- On the application overview page, in the Essentials section, note the Application (client) ID. If you selected the Single tenant option for Supported Account Types, also note the Directory (tenant) ID.
You'll use these in Configuring an adapter instance.
- Under Client credentials, click Add a certificate or secret.
- Click New client secret.
- On the Add a client secret pane, enter a description and select an expiry period. Click Add.
For help, see Add a client secret in the Microsoft documentation.
- Note the client secret Value. The portal shows the value only once; if you leave the page without copying it, you must create a new secret. Also record the expiry date: when the secret expires, sign-on through the adapter stops working until you add a new secret and update the adapter instance.
You'll use this in Configuring an adapter instance.
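As an added example (not code from the PingFederate or Microsoft documentation), the following Python script checks the values recorded in this procedure before they are entered into the adapter instance. It maps the Supported Account Types selection, as stored in the registration's signInAudience, to the Microsoft identity platform v2.0 authority that accepts that audience (which is why a single-tenant registration also needs the Directory (tenant) ID), validates the redirect URI against the form required above, and assembles the authorization request that the redirect URI and client ID will be used in. The host pf.example.com, the port 9031 and the application ID are assumed placeholders.

```python
import secrets
from urllib.parse import urlencode, urlparse

# signInAudience values as they appear in the app registration manifest,
# mapped to the v2.0 authority segment that accepts that audience.
# None means the Directory (tenant) ID itself must be used.
AUDIENCE_TO_TENANT = {
    "PersonalMicrosoftAccount": "consumers",            # Personal Microsoft accounts only
    "AzureADMyOrg": None,                               # Single tenant
    "AzureADMultipleOrgs": "organizations",             # Any organizational directory
    "AzureADandPersonalMicrosoftAccount": "common",     # Organizations and personal accounts
}

LOGIN_BASE = "https://login.microsoftonline.com"


def authority_for(sign_in_audience, tenant_id=None):
    """Return the v2.0 authority for a Supported Account Types selection."""
    if sign_in_audience not in AUDIENCE_TO_TENANT:
        raise ValueError(f"unknown signInAudience: {sign_in_audience}")
    segment = AUDIENCE_TO_TENANT[sign_in_audience]
    if segment is None:
        if not tenant_id:
            raise ValueError("single-tenant registration requires the Directory (tenant) ID")
        segment = tenant_id
    return f"{LOGIN_BASE}/{segment}/oauth2/v2.0"


def check_redirect_uri(uri, expected_path="/ext/microsoft-authn"):
    """Return a list of problems with a redirect URI (empty list means it is acceptable)."""
    p = urlparse(uri)
    problems = []
    if p.scheme != "https":
        problems.append("scheme must be https")
    if not p.hostname:
        problems.append("host name is missing")
    if p.path != expected_path:
        problems.append(f"path must be exactly {expected_path}")
    if p.query or p.fragment:
        # The registered value must match the request byte for byte, so keep it bare.
        problems.append("query string or fragment not allowed")
    return problems


def build_authorize_url(client_id, redirect_uri, sign_in_audience, tenant_id=None, state=None):
    """Assemble the authorization-code request sent to Microsoft for this registration."""
    problems = check_redirect_uri(redirect_uri)
    if problems:
        raise ValueError("; ".join(problems))
    # state binds the response to this request; a real client stores it and
    # compares it on return to block cross-site request forgery.
    state = state or secrets.token_urlsafe(16)
    params = {
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "response_mode": "query",
        "scope": "openid profile email",
        "state": state,
    }
    return f"{authority_for(sign_in_audience, tenant_id)}/authorize?{urlencode(params)}"


if __name__ == "__main__":
    # Assumed placeholder values; substitute the ones noted from the portal.
    url = build_authorize_url(
        client_id="00000000-0000-0000-0000-000000000000",
        redirect_uri="https://pf.example.com:9031/ext/microsoft-authn",
        sign_in_audience="PersonalMicrosoftAccount",
    )
    print(url)
```

Running the script with a single-tenant audience and no tenant ID raises a ValueError, which mirrors the step above where the Directory (tenant) ID is noted only for that selection; a redirect URI that differs from the registered one in scheme, host, port or path is rejected before any request is made.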