==== Microsoft To enable login with Microsoft account you first have to register an OAuth application on https://account.live.com/developers/applications/index[Microsoft account Developer Center]. Then you need to copy the client id and secret into the Keycloak Admin Console. Let's see first how to create an application with Microsoft. . Go to https://account.live.com/developers/applications/create[create new application on Microsoft account Developer Center] url and login here. Use any value for `Application Name`, `Application Logo` and `URLs` you want. In `API Settings` set `Target Domain` to the domain where your Keycloak instance runs. . Copy `Client Id` and `Client Secret` from `App Settings` page. Now that you have the client id and secret you can proceed with the creation of a Microsoft Identity Provider in Keycloak. As follows: . Select the `Microsoft` identity provider from the drop-down box on the top right corner of the identity providers table in Keycloak's Admin Console. You should be presented with a specific page to configure the selected provided. . Copy the client id and client secret to their corresponding fields in the Keycloak Admin Console. Click `Save`. Once you create the identity provider in Keycloak, you must update your Microsoft application with the redirect url that was generated to your identity provider. . Open the Microsoft account Developer Center and select `API Settings` of your application. In `Redirect URLs` insert the redirect uri created by Keycloak. The redirect uri usually have the following format: `http://{host}:{port}/auth/realms/{realm}/broker/microsoft/endpoint`. NOTE: You can always get the redirect url for a specific identity provider from the table presented when you click on the 'Identity Provider' tab in _Realm > Settings_. That is it! This pretty much what you need to do in order to setup this identity provider. The table below lists some additional configuration options you may use when configuring this provider. .Configuration Options [cols="1,1", options="header"] |=== | Configuration | Description | Default Scopes | Allows you to manually specify the scopes that users must authorize when authenticating with this provider. For a complete list of scopes, please take a look at https://msdn.microsoft.com/en-us/library/hh243646.aspx. By default, Keycloak uses the following scopes: wl.basic,wl.emails |===