Microsoft Entra ID OAuth SSO Setup
This document will help you configure Microsoft Entra ID (Azure AD) as an OAuth provider with Drupal as the OAuth client. Following these steps will set up OAuth SSO between Microsoft Entra ID and your Drupal site so that your users can log in to your Drupal site using their Microsoft Entra ID credentials.
We provide the Drupal OAuth & OpenID Connect Login - OAuth2 Client SSO Login module, which is compatible with Drupal 7, Drupal 8, Drupal 9, Drupal 10, and Drupal 11.
Prerequisite:
- Install and activate the OAuth & OpenID Connect Login - OAuth2 Client SSO Login module on your Drupal site. Follow these steps to install the module.
Steps to configure Drupal as OAuth Client:
- Once you have installed the module, go to the Configuration tab, and click on the miniOrange OAuth Client. (/admin/config/people/mo-oauth-client/mo-client-config)
- In the Manage section, under the Client Configuration tab, click on the + Add New button to configure the desired OAuth Client.
- Select Microsoft Entra ID (Azure AD) from the Select Application dropdown.
- Enter the Application name in the Custom App Name text field. For example, Microsoft Entra ID (Azure AD).
- Copy the Callback/Redirect URL and keep it handy.
- If your provider only supports HTTPS Callback/Redirect URLs and you have an HTTP site, please make sure to enable the 'Enforce HTTPS Callback URL' checkbox on the Settings tab.
Configure OAuth SSO Application in Microsoft Entra ID:
- Log in to your Microsoft Entra ID portal.
- Select Microsoft Entra ID from the Azure services section.
- Click on the +Add link, then select App Registration from the dropdown menu.
- On the Register an Application page, enter the required information:
  - Name: Enter the Application Name, for example, Drupal.
  - Supported account types: Select the 1st option - Accounts in this organizational directory only (Test only - Single tenant). If you are not sure what to choose, you can click on the Help me choose link.
  - Redirect URI (optional): Select Web from the Select a platform dropdown and paste the previously copied Callback URL into the text field next to the dropdown.
- Once done, click on the Register button.
Integrating Drupal with Microsoft Entra ID:
- From the Microsoft Entra ID portal, copy the Application (client) ID.
- Navigate to the Drupal site and paste the copied Application (client) ID into the Client ID text field.
- Again, go back to the Microsoft Entra ID portal.
- Click on the Add a certificate or secret link.
- Then, click on the New client secret button.
- Under Add a client secret, enter the Description and select the duration of the certificate from the Expires dropdown. Click on the Add button.
- Copy the Value from the Client secrets tab; this is your Client Secret key.
- Then, navigate to the Drupal site and paste the copied Client secret value into the Client Secret text field.
- Go back to the Microsoft Entra ID portal and navigate to the Overview tab.
- Under the Essentials section, copy the Directory (tenant) ID.
- Navigate to the Drupal site and replace the {tenant-id} placeholder in the Authorization Endpoint and Access Token Endpoint text fields with the copied Directory (tenant) ID. Once done, click on the Save Configuration button.
You can also refer to the Microsoft Entra ID Endpoints and Scope listed below:
- Scope: openid email profile
- Authorize Endpoint: https://login.microsoftonline.com/{tenant-id}/oauth2/v2.0/authorize
- Access Token Endpoint: https://login.microsoftonline.com/{tenant-id}/oauth2/v2.0/token
- Get User Info Endpoint: https://graph.microsoft.com/oidc/userinfo
- The Send Client ID and Secret in option allows you to specify whether the Client ID and Secret should be included in the header or the body of the Token Endpoint Request. If you're unsure which option to select, you can stick with the default settings.
- Check the checkbox to Enable Login with OAuth, scroll down, and click the Save Configuration button.
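The check below is an added example, not part of the module or of the original guide. It validates the values entered in the steps above: the {tenant-id} placeholder replaced by a Directory (tenant) ID in both endpoints, an HTTPS callback URL, and a scope that requests the email claim needed for the mandatory Email Attribute mapping. The config key names, the sample site URL and the callback path are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Endpoint templates as listed on this page.
EXPECTED = {
    "authorize_endpoint": "https://login.microsoftonline.com/{tenant-id}/oauth2/v2.0/authorize",
    "token_endpoint": "https://login.microsoftonline.com/{tenant-id}/oauth2/v2.0/token",
}
GUID = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)

def check_config(cfg):
    """Return a list of problems in the values entered on the Drupal form."""
    problems, tenants = [], set()
    for key, template in EXPECTED.items():
        url = cfg.get(key, "")
        if "{tenant-id}" in url:
            problems.append(f"{key}: {{tenant-id}} placeholder not replaced")
            continue
        # First path segment is where the Directory (tenant) ID belongs.
        tenant = urlsplit(url).path.strip("/").split("/")[0]
        if not GUID.match(tenant):
            problems.append(f"{key}: {tenant!r} is not a Directory (tenant) ID")
        elif url != template.replace("{tenant-id}", tenant):
            problems.append(f"{key}: does not match the endpoint listed above")
        else:
            tenants.add(tenant.lower())
    if len(tenants) > 1:
        problems.append("endpoints point at different tenants")
    if urlsplit(cfg.get("callback_url", "")).scheme != "https":
        problems.append("callback_url: not HTTPS, enable 'Enforce HTTPS Callback URL'")
    # The email scope is what returns the claim used for the Email Attribute.
    missing = {"openid", "email"} - set(cfg.get("scope", "").split())
    if missing:
        problems.append("scope: missing " + " ".join(sorted(missing)))
    return problems

# Constructed sample values; the tenant GUID and site URL are placeholders.
SAMPLE = {
    "authorize_endpoint": "https://login.microsoftonline.com/{tenant-id}/oauth2/v2.0/authorize",
    "token_endpoint": "https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/oauth2/v2.0/token",
    "callback_url": "http://drupal.example/mo_login",
    "scope": "openid profile",
}

if __name__ == "__main__":
    for problem in check_config(SAMPLE):
        print(problem)
```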

Test Configuration of Drupal with Microsoft Entra ID:
- After successfully saving the configurations, click on the Perform Test Configuration button to check the connection between Drupal and Microsoft Entra ID (Azure AD).
- On a Test Configuration pop-up, if you don't have an active session in Microsoft Entra ID on the same browser, you will be asked to sign in to your Azure AD. After successfully logging into Microsoft Entra ID, you will be provided with a list of attributes that are received from the Azure AD.
- Click the Configure Mappings button.
- On the Attribute Mapping tab, please select the Email Attribute and Username Attribute from the dropdown list and click on the Save button.
Please note: Mapping the Email Attribute is mandatory for your login to work.
Congratulations! You have successfully configured Microsoft Entra ID (Azure AD) as an OAuth Provider and Drupal as an OAuth Client.
How to perform the SSO login?
- Now, open a new browser/private window and go to your Drupal site login page.
- Click on the Login using Microsoft Entra ID (Azure AD) link to initiate the SSO from Drupal.
- If you want to add the SSO link to other pages as well, please follow the steps given in the image below: