Adding a Microsoft identity provider
![](https://i0.wp.com/www.hlchang.com/wp-content/uploads/2021/06/2021-06-24_3_24_53-1024x308.png?resize=1024%2C308&ssl=1)
Copy Redirect URI to clipboard
![](https://i0.wp.com/www.hlchang.com/wp-content/uploads/2021/06/2021-06-24_3_25_42-1024x381.png?resize=1024%2C381&ssl=1)
Go to Azure AD and select “App registrations”
![](https://i0.wp.com/www.hlchang.com/wp-content/uploads/2021/06/2021-06-24_3_26_30-550x1024.png?resize=275%2C512&ssl=1)
In the “App registrations” tab, select “+ New registration”
![](https://i0.wp.com/www.hlchang.com/wp-content/uploads/2021/06/2021-06-24_3_26_50-894x1024.png?resize=447%2C512&ssl=1)
Enter the app’s name, select the “Multitenant” account type (if the “Single tenant” account type does not work), and then paste the redirect URI from the Keycloak configuration
![](https://i0.wp.com/www.hlchang.com/wp-content/uploads/2021/06/2021-06-24_5_04_01-1024x735.png?resize=1024%2C735&ssl=1)
In Azure’s app overview tab, copy the app’s client ID
![](https://i0.wp.com/www.hlchang.com/wp-content/uploads/2021/06/2021-06-24_3_28_04-1-1024x686.png?resize=1024%2C686&ssl=1)
Select the “Certificates & secrets” tab and create a new client secret
![](https://i0.wp.com/www.hlchang.com/wp-content/uploads/2021/06/2021-06-24_3_29_00-876x1024.png?resize=438%2C512&ssl=1)
When adding the secret, enter a description and select when it expires
![](https://i0.wp.com/www.hlchang.com/wp-content/uploads/2021/06/2021-06-24_3.29.47-1024x601.png?resize=512%2C301&ssl=1)
Copy the value of the secret
![](https://i0.wp.com/www.hlchang.com/wp-content/uploads/2021/06/2021-06-24_3_30_31-1024x261.png?resize=1024%2C261&ssl=1)
Back in Keycloak, paste the client ID and secret copied in the previous steps
![](https://i0.wp.com/www.hlchang.com/wp-content/uploads/2021/06/2021-06-24_3_31_10-1024x311.png?resize=1024%2C311&ssl=1)
You can then use a Microsoft account to log in
![](https://i0.wp.com/www.hlchang.com/wp-content/uploads/2021/06/2021-06-24_5.22.37-941x1024.png?resize=471%2C512&ssl=1)
If you want users to log in directly with Microsoft, go to the “Authentication” tab and click the menu
![](https://i0.wp.com/www.hlchang.com/wp-content/uploads/2021/06/2021-06-24_5_27_29.png?resize=603%2C591&ssl=1)
Select “Browser”
![](https://i0.wp.com/www.hlchang.com/wp-content/uploads/2021/06/2021-06-24_5_27_44.png?resize=576%2C585&ssl=1)
In the “Identity Provider Redirector” row, select “REQUIRED”, then click “Actions” and “Config”
![](https://i0.wp.com/www.hlchang.com/wp-content/uploads/2021/06/2021-06-24_5_28_19-1024x559.png?resize=1024%2C559&ssl=1)
Enter an alias for the configuration and the name of the IDP you want to use (“microsoft” in this case)
![](https://i0.wp.com/www.hlchang.com/wp-content/uploads/2021/06/2021-06-24_5_29_00-1024x315.png?resize=1024%2C315&ssl=1)
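To confirm the direct-login setup above after the fact, the following added example (not part of the original post) checks a realm export for the redirector settings. It assumes the export uses the `identityProviders`, `authenticationFlows` and `authenticatorConfig` layout of a Keycloak realm JSON export; the sample realm, the `ms-redirect` alias and the client ID are constructed.

```python
import json

# Constructed sample: a trimmed realm export with only the fields this check reads.
SAMPLE_REALM = json.loads("""
{
  "realm": "demo",
  "identityProviders": [
    {"alias": "microsoft", "providerId": "microsoft", "enabled": true,
     "config": {"clientId": "00000000-0000-0000-0000-000000000000",
                "clientSecret": "**********"}}
  ],
  "authenticationFlows": [
    {"alias": "browser", "authenticationExecutions": [
      {"authenticator": "auth-cookie", "requirement": "ALTERNATIVE"},
      {"authenticator": "identity-provider-redirector",
       "requirement": "REQUIRED", "authenticatorConfig": "ms-redirect"}
    ]}
  ],
  "authenticatorConfig": [
    {"alias": "ms-redirect", "config": {"defaultProvider": "microsoft"}}
  ]
}
""")

def check_redirector(realm, flow_alias="browser"):
    """Return a list of problems; an empty list means the redirect is wired up."""
    idps = {p["alias"]: p for p in realm.get("identityProviders", [])}
    configs = {c["alias"]: c.get("config", {}) for c in realm.get("authenticatorConfig", [])}
    flow = next((f for f in realm.get("authenticationFlows", []) if f["alias"] == flow_alias), None)
    if flow is None:
        return [f"flow '{flow_alias}' not found"]
    step = next((e for e in flow.get("authenticationExecutions", [])
                 if e.get("authenticator") == "identity-provider-redirector"), None)
    if step is None:
        return ["no Identity Provider Redirector execution in flow"]
    problems = []
    if step.get("requirement") != "REQUIRED":
        problems.append(f"redirector requirement is {step.get('requirement')}, not REQUIRED")
    # The default provider must name an existing, enabled identity provider alias.
    target = configs.get(step.get("authenticatorConfig"), {}).get("defaultProvider")
    if not target:
        problems.append("redirector has no default provider configured")
    elif target not in idps:
        problems.append(f"default provider '{target}' matches no identity provider alias")
    elif not idps[target].get("enabled", False):
        problems.append(f"identity provider '{target}' is disabled")
    return problems

if __name__ == "__main__":
    print(check_redirector(SAMPLE_REALM) or "OK")
```

A mistyped provider name in the redirector config is reported as a default provider that matches no identity provider alias.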