Microsoft Authentication

:discourse: Hosted by us? This plugin is available on our Business and Enterprise plans. Amazon & Microsoft Logins | Discourse - Civilized Discussion

Summary

Microsoft Authentication enables users to log in to your Discourse forum using their Microsoft accounts (also known as Office 365 or Microsoft 365 accounts). This simplifies the login process for organizations that use Microsoft services.

Features

  • Allows users to log in with their Microsoft credentials
  • Supports both multi-tenant and single-tenant configurations
  • Integrates with Microsoft Azure Active Directory
  • Simplifies user registration and login

Configuration

To set up Microsoft Authentication for your Discourse forum:

  1. Visit Azure Portal’s App Registration page

  2. Register a new application:

    • Choose a name (typically your site name)
    • Under “Supported account types,” select the most permissive option for your needs

  3. Add your site as a Redirect URI for Web in this format:

    • https://your.discourse.forum/auth/microsoft_office365/callback

  4. Save your changes

  5. Visit Certificates & secrets in the left sidebar menu and click New client secret

    • Add a simple description
    • Choose 24 months under “Expires” (note: you’ll need to renew it)
    • Copy the Value (this is the Application Secret) and save it for your plugin settings
  6. Visit Overview (in the left sidebar) and copy the Application (client ID)

  7. In your Discourse admin area, go to Settings and search for “microsoft auth”

  8. Enter the Application ID and Secret from the previous steps

Single-tenant authentication issues

If you’ve configured your Microsoft application as single_tenant, some users may experience issues when logging in. This happens because the emails used for login are considered untrusted, and the system cannot automatically link them to existing Discourse accounts.

To resolve this issue, users can:

  1. Look for the “Already have an account?” section at the bottom of the signup form
  2. Click the provided link to go through the account link-up process
  3. Complete the authentication steps to connect their Microsoft account to their existing Discourse account

Another option is to enable the microsoft auth email verified site setting, if admins are confident that all your users have verified emails.This ensures that returning users with existing accounts don’t create duplicate accounts when authenticating through Microsoft.

Additional configuration options

You can update all Microsoft Authentication settings by visiting the Admin > Settings area and searching for “microsoft auth”.

For single-tenant setups, you’ll need your tenant ID, which you can find in the Azure Portal tenant properties.

Additional resources

Last edited by @jessii 2025-05-20T20:46:47Z

Check documentPerform check on document:
25 Likes

I’m having trouble using that plugin.
Could you please give me some advice?

As I’ve gotten tripped up (again) when updating my config for this plugin, I’ve made this PR:

The issue is that the Microsoft app panel serves up three likely looking fields for the ‘Secret’ - Client ID Value and ‘Secret ID’. Without guidance, I have chosen the wrong one on both occasions that I’ve tackled this, and suspect I’m not alone!

Just tried this plugin and it doesn’t work for single tenant.

Why?

option :client_options,
             site: "https://login.microsoftonline.com",
             authorize_url: "/common/oauth2/v2.0/authorize",
             token_url: "/common/oauth2/v2.0/token"

The word “common” is the issue.
Seems like that needs to be replaced by the tenant ID for the single tenant.
If you have an MS account you will find your tenant ID here: Microsoft Azure

I haven’t tried to do the change my own, yet. Perhaps I will.
If not, anyone else thinking to use this for single tenant, you don’t have to try, it will not work currently.

See attached image below as an example what kind of error you will get.
image

Ok, I have never coded with Ruby, and it was some years ago with coding and working with technical things. But, it’s done. And it works now also for Single Tenant setups.

3 Likes

Sorry for the very very late follow up here, the PR above is now merged!

2 Likes

Wohoo!

My first contriution to the community. Not the last, I think. :slight_smile:

2 Likes