How to setup social login with Microsoft Azure Active Directory


Adding social login with Microsoft Azure to your app with Clerk only requires populating the Client ID, Client Secret and Authorized redirect URI in your instance settings.
To make the development flow as smooth as possible, Clerk uses preconfigured shared OAuth credentials and redirect URIs for development instances - no other configuration is needed.
For production instances, you will need to generate your own Client ID and Client Secret using your Microsoft Azure account.

Before you start


  • Currently Clerk supports only the common tenant type, which is intended for allowing sign-ins both from organization members and public Microsoft users.
  • Only credentials of type secret are currently supported (not the certificate type).
Selecting the desired tenant type (common, organizations, consumers or specific tenant ID) will become available in an upcoming version of Clerk.

Configuring Microsoft Social login

After creating a Microsoft Azure account, you will need to create a new App Registration.
To do so, navigate to the list of applications and click on New Registration.
Navigate to New registration within the Microsoft Azure dashboard
In the new application form, make sure you fill in the following fields:
New application configuration
After creating a new app, you will be presented with the app information page.
The Application (client) ID visible on this page should be pasted into the Client ID form field on the Clerk end.
To generate a value you should click on the Client credentials link:
Link to set up Client credentials
Microsoft Azure supports 2 kinds of credentials:
  1. 1.
    Client secrets (as the majority of oauth providers)
  2. 2.
At the time of writing Clerk supports only Client secrets.
To create a new client secret click on the New client secret button as illustrated below:
Certificates & secrets screen
You will be prompted to provide a name & lifetime for the new secret.
New secret configuration
After confirming your choice the new secret will be listed and this is the only time you will able to copy & paste it, thus make sure you do so before navigating away.
Also take note of the lifetime of said secret because you will need to generate a new one before it expires.
The newly generated secret can now be pasted in the Client Secret input on the Clerk end.
Finally, you'll need to instruct your Microsoft Azure app to operate in openid mode, so that it provides clerk with an id_token when the sign-in completes. This allows Clerk to populate data about the user from their Microsoft profile.
This can be done by navigating to the Authentication section and checking the option displayed below:
Enabling the id_token in the Authentication section
That's it! You are now ready to allow your users to sign in using Microsoft Azure!
Stay tuned for updates as Clerk integrates support for more Microsoft social login options.
Last modified 1mo ago