Advertising sustains the DA. Ads are hidden for members. Join today

On this page

OAuth & OpenID Connect Login - OAuth2 Client SSO Login

Office 365 OAuth SSO Setup

Last updated on
25 February 2026

This document will help you configure Microsoft Office 365 as an OAuth / OIDC provider making Drupal as an OAuth Client. Following these steps will allow you to configure OAuth / OpenID Connect SSO between Office 365 and your Drupal site such that your users will be able to log in to your Drupal site using their Office 365 credentials.

We provide the Drupal OAuth & OpenID Connect Login module which is compatible with Drupal 7, Drupal 8, Drupal 9, Drupal 10, and Drupal 11.

Download  Know more

Prerequisite:

Steps to configure Drupal as OAuth Client: 

  • After successfully installing the module on your Drupal site, navigate to the Configuration tab and click on the miniOrange OAuth Client. (/admin/config/people/mo-oauth-client/mo-client-config)

    Select miniOrange OAuth Client Configuration from the Configuration tab

  • In the Manage section, under the Client Configuration tab, click on the + Add New button to configure the desired OAuth Client.

    Drupal-Office-365-OAuth-Client-latest-Click-Add-New-button

  • Select Custom OAuth 2.0 Provider from the Select Application dropdown on the Configure OAuth tab. 
  • Enter Office 365 in the Custom App Name text field.

  • Copy the Callback/Redirect URL and keep it handy.

    On the Configure OAuth tab - Select Application and copy Callback URL

  • If your provider only supports HTTPS Callback/Redirect URLs and you have an HTTP site, please make sure to enable the 'Enforce HTTPS Callback URL' checkbox under Settings tab.

    Drupal-Office-365-OAuth-Client-latest-check-Enforce-HTTPS-Callback-URL

Configure OAuth SSO Application in Microsoft Office 365

  • Log in/Sign up for the Microsoft Office 365 Admin console.

  • Click App registration from the Azure services section.

    Drupal-Azure-AD-Click-App-Registrations

  • Click on New registration button.

    Microsoft Office365 OAuth Single Sign-On - Click-on-New-registration

  • Enter the following information on the Register an Application page:
    • Name: Enter display name in Name text field.
    • Supported Account type: Select one of the options, under Who can use this application or use this API? and select Accounts in this organizational directory only (Test only - Single tenant). If you are unsure which option to select, click on the Help me choose link.

    • Redirect URI (optional): Select a platform as Web. Paste the copied Callback/Redirect URL (from your Drupal site) into the Redirect URI text field.

      On-Register-an-application-provide-the-required-information

  • Click on the Register button to create the new application.

Integrating Drupal with Office 365:

  • Office 365 assigns a unique Application ID to your application. Copy the Application (client) ID from the Microsoft Office portal.

    Copy-the-Application-client-ID

  • Then, go back to the Drupal site and paste the copied Client ID into the Client ID text field.

    Drupal-OAuth-OIDC-Client-Configuration-Paste-Application-ID-into-Client-ID-field

  • On the Microsoft Office portal, click on Add a certificate or secret under the Essentials section.

    Microsoft Office365 Single Sign-On - Essentials - Click-on-Add-a-certificate-or-secret

  • Click on New client secret button.
    • On the Add a client secret popup, provide the required information:
      • Description: Enter a Description for this client secret
      • Expires: Select Expires duration from the dropdown.

      • Click on the Add button.

        Microsoft Office 365 - Add a client secret window, create the client secret

  • Then, copy the Value from the Client secrets tab. It's your Client Secret key.

    Microsoft Azure - Copy the Value from Client secrets tab

  • Paste the copied Client secrets Value into the Client Secret text field on your Drupal site.

    Drupal OAuth OpenId Connect module - Paste the copied secret value into the Client Secret text field

  • Again, go back to the Microsoft O365 portal.

  • From the left side panel, click on the API permissions.

    Click on API permissions from left side menu

  • Click on Add a permission button.

  • In the Request API Permissions pop-up, click on the Office 365 Management APIs box under the Microsoft APIs tab.

    Microsoft Azure - click on Add a permissions and select Office 365 Microsoft APIs

  • Under What type of permission does your application require?, select the Application permissions card box.

  • Select the Permission and click on the Add permissions button.

    Microsoft Office 365 OAuth Single Sign-On - Select permissions

  • Navigate to Overview tab from left navigation panel.

    Navigate to Overview tab

  • Click on Endpoints button, and copy the OAuth 2.0 authorization endpoint (v2).

    Click on Endpoints button

  • Navigate to the Drupal site and enter openid into the Scope text field.

  • Then, paste the copied authorization endpoint into the Authorization Endpoint text field.

    Drupal OAuth OpenId Connect login module - Paste the Authorization Endpoint

  • Again navigate to the Microsoft Office 365 portal, copy the OAuth 2.0 token endpoint (v2) from the Endpoints window.

    Microsoft Office 365 OAuth Single Sign-On - Endpoints window - Copy the Token Endpoint

  • The Send Client ID and Secret in allow you to specify whether the Client ID and Secret should be included in the header or the body of the Token Endpoint Request. If you're unsure which option to select, you can stick with the default settings. Click on the Save Configuration button.

  • Check the checkbox to Enable Login with OAuth, scroll down, and click the Save Configuration button.

    Drupal-Azure-AD-OAuth-Client-Select-Header-or-Body

Test configuration of Drupal with Office 365:

  • After successfully saving your application, click the Perform Test Configuration button to verify the OAuth SSO connection between Drupal and Office 365.

    Drupal OAuth Client Configuration Login module - Click Perform Test Configuration button

  • On a Test Configuration pop-up, if you don't have any active sessions in Office 365 on the same browser, you will be asked to login into the Office 365. Once you are successfully logged into the Office 365, you will be provided with a list of the attributes that are received from the Office 365. 

  • Click the Configure Mappings button.

    Drupal OAuth Client module - On-a-Test-Configuration-window-Get-the-list-of-attribute-from-Office365

  • Once you click on the Configure Mapping button, you will be redirected to the Attribute Mapping tab. From there, select the appropriate attribute from the OAuth Server Attribute dropdown where the email value is received, and then click the Save Configuration button.

    Drupal-Office-365-OAuth-Client-latest-Attribute-Mapping

    Note: Mapping the Email Attribute is mandatory for your login to work. 

Congratulations! You have successfully configured Office 365 (O365) as OAuth Provider and Drupal as OAuth Client.

How to perform the SSO login?

  • Now, open a new browser/private window and go to your Drupal site login page.
  • Click on the Login using Office365 link to initiate the SSO from Drupal.

  • If the configuration is correct, you will be logged in to the Drupal site.

Contact our 24*7 support team

Feel free to reach out to our Drupal experts if you need any sort of assistance in setting up OAuth2 Client SSO Login on your Drupal site.

 Get In Touch With Us Join Our Slack Channel

back to top Back to top

Help improve this page

Page status: No known problems

You can: