There are a number of steps you have to complete to be able to login to Microsoft. First, go to the Identity Providers left menu item and select Microsoft from the Add provider drop down list. This will bring you to the Add identity provider page.

Add Identity Provider


You can’t click save yet, as you’ll need to obtain a Client ID and Client Secret from Microsoft. One piece of data you’ll need from this page is the Redirect URI. You’ll have to provide that to Microsoft when you register Keycloak as a client there, so copy this URI to your clipboard.

To enable login with Microsoft account you first have to register an OAuth application at Microsoft. Go to the Microsoft Application Registration url.

Microsoft often changes the look and feel of application registration, so these directions might not always be up to date and the configuration steps might be slightly different.
Register Application


Enter in the application name and click Create application. This will bring you to the application settings page of your new application.



You’ll have to copy the Redirect URI from the Keycloak Add Identity Provider page and add it to the Redirect URIs field on the Microsoft application page. Be sure to click the Add Url button and Save your changes.

Finally, you will need to obtain the Application ID and secret from this page so you can enter them back on the Keycloak Add identity provider page. Go back to Keycloak and specify those items.