50 lines
2.5 KiB
Text
50 lines
2.5 KiB
Text
|
|
||
|
|
==== Microsoft
|
||
|
|
|
||
|
|
To enable login with Microsoft account you first have to register an OAuth application on https://account.live.com/developers/applications/index[Microsoft account Developer Center].
|
||
|
|
Then you need to copy the client id and secret into the Keycloak Admin Console.
|
||
|
|
|
||
|
|
Let's see first how to create an application with Microsoft.
|
||
|
|
|
||
|
|
. Go to https://account.live.com/developers/applications/create[create new application on Microsoft account Developer Center] url and login here.
|
||
|
|
Use any value for `Application Name`, `Application Logo` and `URLs` you want.
|
||
|
|
In `API Settings` set `Target Domain` to the domain where your Keycloak instance runs.
|
||
|
|
. Copy `Client Id` and `Client Secret` from `App Settings` page.
|
||
|
|
|
||
|
|
Now that you have the client id and secret you can proceed with the creation of a Microsoft Identity Provider in Keycloak.
|
||
|
|
As follows:
|
||
|
|
|
||
|
|
. Select the `Microsoft` identity provider from the drop-down box on the top right corner of the identity providers table in Keycloak's Admin Console.
|
||
|
|
You should be presented with a specific page to configure the selected provided.
|
||
|
|
. Copy the client id and client secret to their corresponding fields in the Keycloak Admin Console.
|
||
|
|
Click `Save`.
|
||
|
|
|
||
|
|
Once you create the identity provider in Keycloak, you must update your Microsoft application with the redirect url that was generated to your identity provider.
|
||
|
|
|
||
|
|
. Open the Microsoft account Developer Center and select `API Settings` of your application.
|
||
|
|
In `Redirect URLs` insert the redirect uri created by Keycloak.
|
||
|
|
The redirect uri usually have the following format: `http://{host}:{port}/auth/realms/{realm}/broker/microsoft/endpoint`.
|
||
|
|
|
||
|
|
NOTE: You can always get the redirect url for a specific identity provider from the table presented when you click on the 'Identity Provider' tab in _Realm > Settings_.
|
||
|
|
|
||
|
|
That is it! This pretty much what you need to do in order to setup this identity provider.
|
||
|
|
|
||
|
|
The table below lists some additional configuration options you may use when configuring this provider.
|
||
|
|
|
||
|
|
.Configuration Options
|
||
|
|
[cols="1,1", options="header"]
|
||
|
|
|===
|
||
|
|
|
|
||
|
|
Configuration
|
||
|
|
|
||
|
|
|
|
||
|
|
Description
|
||
|
|
|
||
|
|
|
|
||
|
|
Default Scopes
|
||
|
|
|
||
|
|
|
|
||
|
|
Allows you to manually specify the scopes that users must authorize when authenticating with this provider. For a complete list of scopes, please take a look at https://msdn.microsoft.com/en-us/library/hh243646.aspx. By default, Keycloak uses the following scopes: wl.basic,wl.emails
|
||
|
|
|
||
|
|
|===
|