Loading
Salesforce now sends email only from verified domains. Read More
Help Agent Performance DegradationRead More
Salesforce Contracts
Table of Contents
Filter by (0)Add
Select Filters

          No results
          No results
          Here are some search tips

          Check the spelling of your keywords.
          Use more general search terms.
          Select fewer filters to broaden your search.

            Search all of Salesforce Help
            Search all of Salesforce Help
            Configure an Auth Provider for Microsoft App Manually Through Minimum Privilege Setup

            You are here:

            1. Salesforce Help
            2. Docs
            3. Salesforce Contracts

            Configure an Auth Provider for Microsoft App Manually Through Minimum Privilege Setup

            Add an Auth. Provider credential to establish a secure connection between Salesforce and Microsoft.

            Note
            Note To use a guided setup to integrate Microsoft 365 and Azure, see Set Up Microsoft 365 and Azure Integration Using Guided Setup.
            REQUIRED EDITIONS
            Available in: Lightning Experience
            Available in: Enterprise, Unlimited, Professional, and Developer Editions
            USER PERMISSIONS NEEDED  
            To configure Auth. Provider: CLM Admin User

            Ensure that Application (client) ID and Client Secret Value correspond to your Azure account. If the ID and value don't match with your Azure account, the add-in fails to function correctly or doesn't load as expected, and can result in graph API issues.

            1. From Setup, in the Quick Find box, enter Auth. Providers, and then select Auth. Providers.
            2. Click New, and select Open ID Connect as the provider type.
            3. Enter MicrosoftApp as the Auth Provider name.
              The URL automatically gets suffixed with MicrosoftApp.
            4. In Consumer Key, enter your Azure App's Application (client) ID.
            5. In Consumer Secret, enter your Azure App's Client Secret Value.
            6. In Authorize Endpoint URL, enter https://login.microsoftonline.com/organizations/oauth2/v2.0/authorize
            7. In Token Endpoint URL, enter https://login.microsoftonline.com/organizations/oauth2/v2.0/token
            8. In User Info Endpoint URL, enter https://graph.microsoft.com/oidc/userinfo
            9. In Default Scopes, enter Sites.Selected offline_access openid User.Read User.ReadBasic.All.
              Note
              Note Ensure that Default Scopes matches the API permissions that you added to your Microsoft Azure account. See Configure a Microsoft Azure App Manually Through Minimum Privilege Setup.
            10. Ensure Send client credentials in header is unselected.
            11. Select Send access token in header and Include Consumer Secret in SOAP API Responses.
            12. For Registration Handler, click Automatically create a registration handler template.
            13. In Execute Registration As, select your Salesforce admin account.
            14. Save your changes.
              Your auth provider details are saved, and Salesforce Configuration URLs are generated.
            15. In Salesforce Configurations, verify that these URLs are generated.

              • Test-Only Initialization URL

              • Single Sign-On Initialization URL

              • Existing User Linking URL

              • OAuth-Only Initialization URL

              • Callback URL

              • Single Logout URL

            16. If an experience cloud site is available in your Salesforce instance, expand Experience Cloud Sites and verify that these URLs are generated.

              • Test-Only Initialization URL

              • Single Sign-On Initialization URL

              • Existing User Linking URL

              • OAuth-Only Initialization URL

              • Callback URL

            17. Save your changes.

              The Registration Handler format is AutocreatedRegHandler with 13 digits.

              After you save the Auth. Provider details, a Registration Handler Apex Class gets created. For example, AutocreatedRegHandler1234567890123.
            18. Disable automatic synchronization of username and email address.
              When you link Salesforce to Microsoft Azure, the system automatically updates your Salesforce username and email address with your Microsoft Azure account details. You can turn off this automatic update.
              1. Click the Registration Handler Apex Class link.
              2. Click Edit.
              3. Search for the updateUser method and remove or comment out this code: 
                //u.email = data.email;
        //u.lastName = data.lastName;
        //u.firstName = data.firstName;
              4. Save your changes.
            19. Add the Callback URL.
              1. Go back to your auth provider.
              2. In the Salesforce Configuration section, copy the callback URL.
              3. Open your Microsoft Azure account, and click Overview.
              4. Next to Redirect URLs, click Add a Redirect URL.
              5. Select Add a platform | Web.
              6. Paste the callback URL in Redirect URIs.
              7. If available, select Access tokens (used for implicit flows) and ID tokens (used for implicit and hybrid flows).
              8. Click Configure.
              9. If you have a partner community set up, go to the Auth. Provider in your Salesforce org.
              10. From the Experience Cloud Sites section, copy the callback URL.
              11. Open your Microsoft Azure account, and click Authentication.
              12. Go to Web | Redirect URLs , and click Add URL.
              13. Paste the Experience Cloud Site callback URL, and save your changes.
                The Salesforce Configuration and Experience Cloud Sites sections are populated with URLs.
            20. Test if your Auth. Provider authentication was successful.
              1. From the Salesforce Configuration section, copy the Test-Only Initialization URL.
              2. Paste the URL in the address bar, and press Enter.

                This is a sample text that appears:

                The document tree details are shown.
             
            Loading
            Salesforce Help | Article