Microsoft Authentication enables users to log in to your Discourse forum using their Microsoft accounts (also known as Office 365 or Microsoft 365 accounts). This simplifies the login process for organizations that use Microsoft services.
Visit Certificates & secrets in the left sidebar menu and click New client secret
Add a simple description
Choose 24 months under "Expires" (note: you'll need to renew it)
Copy the Value (this is the Application Secret) and save it for your plugin settings
Visit Overview (in the left sidebar) and copy the Application (client ID)
In your Discourse admin area, go to Settings and search for "microsoft auth"
Enter the Application ID and Secret from the previous steps
Single-tenant authentication issues
If you've configured your Microsoft application as single_tenant, some users may experience issues when logging in. This happens because the emails used for login are considered untrusted, and the system cannot automatically link them to existing Discourse accounts.
To resolve this issue, users can:
Look for the "Already have an account?" section at the bottom of the signup form
Click the provided link to go through the account link-up process
Complete the authentication steps to connect their Microsoft account to their existing Discourse account
Another option is to enable the microsoft auth email verified site setting, if admins are confident that all of their users have verified emails. This ensures that returning users with existing accounts don't create duplicate accounts when authenticating through Microsoft.
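The linking decision described in this section, as a simplified Ruby model. This is an added example, not the plugin's or Discourse's own code; `User`, `resolve_login`, `sample_users` and the result symbols are hypothetical names, and the sample accounts are constructed.

```ruby
# Simplified model: how a trusted vs. untrusted provider email changes
# what happens to a returning user. Hypothetical names, constructed data.
User = Struct.new(:id, :email, :microsoft_uid)

def sample_users
  [
    User.new(1, "alice@example.com", "ms-uid-alice"), # already linked
    User.new(2, "bob@example.com", nil)               # existing, not linked
  ]
end

# auth: { uid:, email: } as asserted by the identity provider.
# email_verified_setting models the "microsoft auth email verified" setting.
def resolve_login(auth, users, email_verified_setting:)
  uid   = auth.fetch(:uid)
  email = auth[:email].to_s.strip.downcase

  # A previously linked Microsoft identity logs in regardless of its email.
  linked = users.find { |u| u.microsoft_uid == uid }
  return [:login, linked] if linked

  match = email.empty? ? nil : users.find { |u| u.email.downcase == email }
  return [:signup, nil] unless match

  # Never replace a link that points at a different Microsoft identity.
  return [:conflict, match] if match.microsoft_uid

  if email_verified_setting
    # Email is treated as proof of ownership: link without user action.
    match.microsoft_uid = uid
    [:auto_linked, match]
  else
    # Untrusted email: the user must prove ownership of the existing
    # account through the "Already have an account?" link-up flow.
    [:manual_link_required, match]
  end
end

if __FILE__ == $PROGRAM_NAME
  bob = { uid: "ms-uid-bob", email: "Bob@Example.com" }
  [false, true].each do |setting|
    outcome, = resolve_login(bob, sample_users, email_verified_setting: setting)
    puts "email verified setting=#{setting}: #{outcome}"
  end
end
```

With the setting off, an email match alone never attaches a Microsoft identity to an existing account, which is why the manual link-up step exists.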
Additional configuration options
You can update all Microsoft Authentication settings by visiting the Admin > Settings area and searching for "microsoft auth".
As I've gotten tripped up (again) when updating my config for this plugin, I've made this PR:
The issue is that the Microsoft app panel serves up three likely looking fields for the "Secret" - "Client ID", "Value" and "Secret ID". Without guidance, I have chosen the wrong one on both occasions that I've tackled this, and suspect I'm not alone!
The word "common" is the issue.
Seems like that needs to be replaced by the tenant ID for the single tenant.
If you have an MS account you will find your tenant ID here: Microsoft Azure
I haven't tried to do the change on my own, yet. Perhaps I will.
If not, anyone else thinking to use this for single tenant, you don't have to try, it will not work currently.
See attached image below as an example of what kind of error you will get.
Ok, I have never coded with Ruby, and it was some years ago with coding and working with technical things. But, it's done. And it works now also for Single Tenant setups.