How To Set Up Your Own Microsoft App (OpenID Connect)
- Under Azure services, click on App registrations. If you don't see it, click on "more services" and search for it.
- Click New Registration.
Note: For the Microsoft Enterprise Provider, please ensure that the account type is Single Tenant. This restricts login to your domain only, whereas "Multitenant" will allow any Microsoft user to log in.
- Click Register.
- After the application is created, copy and save the Application (client) ID for the last step.
- Click on Endpoints at the top of the page, and copy the following for the last step:
  - OAuth 2.0 authorization endpoint (v2)
  - OAuth 2.0 token endpoint (v2)
- Click on Certificates & Secrets, and then click on New client secret.
- Enter a description, set your desired expiry, and then click Add.
- Set a reminder for yourself to replace this Secret before it expires. If the Secret expires, your users will no longer be able to log in with the provider.
- Your Secret value will be generated automatically. Copy it down immediately: the value will be hidden forever once you navigate away from the page, and if it is lost you must generate a new one.
Bread & Butter Setup:
- Go to https://app.breadbutter.io/sign-in/
- Click Sign In and authenticate (or click Sign Up to make a new account and authenticate).
- Go to Settings in the left menu.
- Click on the Microsoft button under SSO Settings > Enterprise Accounts.
- Choose OpenID Connect for the protocol.
- Enter a name.
- Enter a description (optional).
- Enter the OAuth 2.0 Authorization Endpoint (v2) value from the Endpoints page in Azure.
- Enter the OAuth 2.0 Token Endpoint (v2) value from the Endpoints page in Azure.
- Enter the Application (client) ID from the Overview page in Azure.
- Enter the Client Secret that you generated and saved above.
- Click Save.
- Enable Microsoft by clicking the new entry in the Microsoft Identity Providers list.
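
A pre-flight check for the two endpoint values before they are pasted into the Bread & Butter form, as an added example that is not part of the original guide or either vendor's code. It flags v1 or swapped URLs and the shared tenant aliases `common`, `organizations` and `consumers`, which accept accounts from outside one directory. Assumptions: the global Azure login host `login.microsoftonline.com`, hypothetical function names, and a placeholder tenant GUID.

```python
import re
from urllib.parse import urlsplit

# Assumption: global Azure cloud. National clouds use a different login host.
LOGIN_HOST = "login.microsoftonline.com"
# Tenant aliases that accept accounts from outside a single directory.
SHARED_TENANTS = {"common", "organizations", "consumers"}
PATH_RE = re.compile(r"^/([^/]+)/oauth2/v2\.0/(authorize|token)$")

def check_endpoint(url, expected_kind, host=LOGIN_HOST):
    """Return (tenant, problems) for one copied endpoint URL."""
    problems = []
    parts = urlsplit(url.strip())
    if parts.scheme != "https":
        problems.append("scheme is not https")
    if (parts.hostname or "").lower() != host:
        problems.append(f"host is not {host}")
    if parts.query or parts.fragment:
        problems.append("unexpected query string or fragment")
    match = PATH_RE.match(parts.path)
    if not match:
        problems.append("path is not /<tenant>/oauth2/v2.0/<authorize|token>")
        return None, problems
    tenant, kind = match.group(1).lower(), match.group(2)
    if kind != expected_kind:
        problems.append(f"this is the {kind} endpoint, expected {expected_kind}")
    if tenant in SHARED_TENANTS:
        problems.append(f"tenant '{tenant}' is a shared alias, not a single tenant")
    return tenant, problems

def check_pair(authorize_url, token_url):
    """Validate both endpoints and confirm they point at the same tenant."""
    auth_tenant, problems = check_endpoint(authorize_url, "authorize")
    token_tenant, token_problems = check_endpoint(token_url, "token")
    problems = [f"authorization endpoint: {p}" for p in problems]
    problems += [f"token endpoint: {p}" for p in token_problems]
    if auth_tenant and token_tenant and auth_tenant != token_tenant:
        problems.append("endpoints reference different tenants")
    return problems

# Constructed sample values; the GUID is a placeholder, not a real tenant.
TENANT = "00000000-0000-0000-0000-000000000000"
GOOD_AUTH = f"https://{LOGIN_HOST}/{TENANT}/oauth2/v2.0/authorize"
GOOD_TOKEN = f"https://{LOGIN_HOST}/{TENANT}/oauth2/v2.0/token"

if __name__ == "__main__":
    for problem in check_pair(GOOD_AUTH, GOOD_TOKEN) or ["endpoints look consistent"]:
        print(problem)
```

An empty list from `check_pair` means both values are v2, tenant-specific and consistent with each other.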