## Microsoft login

To allow users to log in with Microsoft, activate Microsoft login in the builder and create a Microsoft application to serve as the OAuth provider.

Follow these steps for a successful integration.

### Enabling Microsoft login in builder

1. Open the **Frontegg portal**.
2. Click on the **Login Box** button.
3. In the left panel, toggle **Microsoft** to on.


![Microsoft-Login-1](/assets/microsoft-login-1.e4264e405db59d6888b1fa48ef9c7116c3beae9f474d3e637b97cc611f2fd3e9.c822c9a6.png)

After modifying any settings, commit your changes and publish them to apply across your environments.

### Creating a Microsoft app

Complete the following steps to configure Microsoft login.

Moving between environments
When migrating a project between environments (e.g., from development to production), Frontegg automatically transfers your social login settings.

### Step 1: Open Azure Active Directory

1. In **Microsoft Azure**, go to **Manage Microsoft Entra ID** and select **View**.


![Microsoft-Login-2](/assets/microsoft-login-2.af9b9e98d5baae4c04d4ce91f85b154293e8da99fca4a00ab50be79f282b048c.c822c9a6.png)

### Step 2: Register your application

1. Click on **Add**, then click **App registrations**.


![Microsoft-Login-3](/assets/microsoft-login-3.b1f35cd830cebf335213f798383ad43028d1e8b0c5c29063036ff61590313a2b.c822c9a6.png)

1. Configure the registration:
  - **Name**: Enter the name for your app.
  - **Supported Account Types**: Choose **Accounts in any organizational directory (Any Microsoft Entra ID tenant - Multitenant) and personal Microsoft accounts (e.g., Skype, Xbox)**.
  - **Redirect URI**: Enter your application URL (use your Frontegg domain if using hosted login or your app domain if using embedded login) `/account/social/success` (e.g., `http://localhost:3000/account/social/success`).


![Microsoft-Login-4](/assets/microsoft-login-4.07345a2abf3ca526a585e2758c972566fad95a3fffae56b208e15045c93c6972.c822c9a6.png)

### Step 3: Get Client ID and Client Secret

1. Your **Client ID** is located on your app’s **Overview** page (look for *Application (client) ID*).


![Microsoft-Login-5](/assets/microsoft-login-5.d629143f22cd4b96b34af72b023ab02af54d35cfffc51c4766611f3d70858d4c.c822c9a6.png)

1. To create a client secret:
  - Go to **Manage** and then click on **Certificates & secrets**.
  - Click **New client secret**.
2. Set an expiration time and description for your client secret.


![Microsoft-Login-6](/assets/microsoft-login-6.c34497f693c67627c2d14e1c6e9c69994bcc4090a8a37f00b8fb9a8a26bb452c.c822c9a6.png)

1. Copy and save the **Value** of your client secret, as you will not be able to view it again later.


![Microsoft-Login-7](/assets/microsoft-login-7.2c02f80df5abffe3aba6987df7897f941adddaa4ecd4962e7a172dfdca2a6a74.c822c9a6.png)

### Step 4: Enter credentials in Frontegg

1. Go to [ENVIRONMENT] → Configurations ➜ Authentication → Social Logins.
2. Click the Microsoft **Manage** button.


![Microsoft-Login-8](/assets/microsoft-login-8.75dfe2b79a655d2dda16ef9bc7ddb39a818385a66399d7426b27858be0399fb7.c822c9a6.png)

1. Enter your **Client ID**, **Client Secret**, and **Redirect URL**. Save and publish the settings.


![Microsoft-Login-9](/assets/microsoft-login-9.bcb710d1a7a2eda0798fce2efcd217988300a5ab261ed1f48fe2a49f1f0dec3c.c822c9a6.png)

### Step 5: Test the Microsoft login button

1. Verify that the Microsoft login button appears on your login screen and redirects to the Microsoft OAuth consent screen.
2. Test to confirm functionality.


Configuring Microsoft Login Permissions
By default, only invited users can log in with Microsoft. To allow new users to sign up via Microsoft, enable **Allow Signup** in the left panel of the Login Box builder.

## Customizing authentication scopes for Microsoft

Scopes define the type of information your application can access after users grant permission. The generated access token includes these approved scopes. By default, Frontegg fetches user profile and email as standard scopes when users authenticate via their Microsoft account.

To add additional custom scopes, go to [ENVIRONMENT] → Configurations ➜ Authentication → Social logins → Custom → Scopes on the **Frontegg portal**. You can check Microsoft’s supported scopes [here](https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-permissions-and-consent).