Microsoft Login Integration Kit

Microsoft IdP Adapter settings reference

Field descriptions for the Microsoft IdP Adapter configuration screen.

Standard fields
Field Name Description

Supported Account Types

The type of accounts that users can sign on with. The Single tenant and Multitenant options support organizational accounts from a school or work directory. Personal accounts are not associated with an organization.

Do one of the following:

The default selection is Personal accounts only.

Single Tenant ID

If you selected Single tenant for Supported Account Types, enter the Directory (tenant) ID that you noted in Registering PingFederate as an application in Entra ID. Otherwise, leave this field blank.

This field is blank by default.

Client ID

The Application (client) ID that you noted in Registering PingFederate as an application in Entra ID.

Client Secret

The client secret Value that you noted in Registering PingFederate as an application in Entra ID.

Error Redirect URL

The URL that PingFederate redirects the user to when the adapter encounters an error.

If this field is blank, the adapter shows the default error page.

Unauthorized Redirect URL

The URL that PingFederate redirects to when the user doesn’t authorize Microsoft to share their information.

If this field is blank, the adapter shows the default error page.

Advanced fields
Field Name Description

Include Login Hint

If selected, the incoming User Id value (if provided) is sent as a login_hint query string parameter value to Microsoft.

Microsoft uses this value to pre-fill the Username field on the Microsoft user sign-on page.

Include Prompt

If selected, PingFederate automatically maps and sends the standard PingFederate-supported OIDC prompt parameter as the prompt parameter value in the authorization request to Microsoft.

This applies only if PingFederate receives the prompt parameter through an authentication policy that has a value of consent or login.

To send other values in the authorization request, use the Additional Parameters table and provide the value in an incoming chained attribute. Learn more in step 3 of Configuring an adapter instance.

Microsoft Login Base URL

The base URL Microsoft uses for any authentication calls. The default value is:

https://login.microsoftonline.com/

Authorization Callback Endpoint

The PingFederate endpoint that Microsoft uses to respond to authorization requests. The default value is:

/microsoft-authn

If you set a custom endpoint in the Redirect URI field in Registering PingFederate as an application in Entra ID, change this field to match.

Microsoft Authorization Endpoint

The endpoint used to request an authorization code from Microsoft. The default value is:

/oauth2/v2.0/authorize

Microsoft Token Endpoint

The endpoint Microsoft uses to retrieve an access token. The default value is:

/oauth2/v2.0/token

Microsoft Logout Endpoint

The logout endpoint Microsoft uses to end the user’s session. The default value is:

/oauth2/v2.0/logout

Microsoft User Info URL

The URL used to retrieve Microsoft user data. The default value is:

https://graph.microsoft.com/v1.0/me

Scopes

A comma-separated list of scopes to request from Microsoft. The default value is:

openid, User.Read

You must add the User.Read scope.

Microsoft Sign-on Presentation

Determines how the user is directed to Microsoft for authentication. Options include:

  • Redirect

  • Pop-up window

Some browsers block automatic redirects. If you select Pop-up window and aren’t using PingFederate in authentication API mode, the adapter presents a template file.

Microsoft Pop-up Template

The template file that presents the Microsoft sign-on form.

Applies only when Microsoft Sign-on Presentation is set to Pop-up window.

The default value is:

microsoft-pop-up-template.html

Microsoft Post Auth Template

The template file that the adapter presents after the user signs on.

Applies only when Microsoft Sign-on Presentation is set to Pop-up window.

The default value is:

microsoft-post-auth-template.html

Microsoft Messages File

The language-pack file associated with Microsoft Pop-up Template.

The default value is:

pingfederate-microsoft-adapter-messages

Retry Request

Select this checkbox to retry a request if the API fails with one of the configured error codes.

Maximum Retries Limit

Determines how many times PingFederate will retry a request.

The default value is 5.

Retry Error Codes

Determines which response codes are considered failures.

The default value is 403.

API Request Timeout

The amount of time in milliseconds that PingFederate allows when establishing a connection with Entra ID or waiting for a response to a request. A value of 0 disables the timeout.

The default value is 5000.

Proxy Settings

Defines proxy settings for outbound HTTP requests.

The default value is System Defaults.

Custom Proxy Host

The proxy server host name to use when Proxy Settings is set to Custom.

This field is blank by default.

Custom Proxy Port

The proxy server port to use when Proxy Settings is set to Custom.

This field is blank by default.
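
How the account type, tenant ID, scopes, login hint, prompt and endpoint fields combine into one authorization request, as an added example that is not PingFederate's own code. It assumes the Microsoft identity platform URL layout (base URL, tenant segment, endpoint); the dictionary keys, redirect_base and the https check are hypothetical choices made for illustration.

```python
from urllib.parse import urlencode, urlsplit

# Tenant path segments defined by the Microsoft identity platform.
TENANT_SEGMENT = {"Multitenant": "organizations", "Personal accounts only": "consumers"}
FORWARDED_PROMPTS = {"consent", "login"}  # values the Include Prompt field forwards


def build_authorize_url(cfg, redirect_base, state, user_id=None, prompt=None):
    """Validate adapter-style settings (hypothetical keys) and compose the request URL."""
    base = cfg.get("base_url", "https://login.microsoftonline.com/")
    if urlsplit(base).scheme != "https":  # added sanity check, not stated on the page
        raise ValueError("Microsoft Login Base URL must use https")
    tenant_id = cfg.get("tenant_id", "").strip()
    if cfg["account_type"] == "Single tenant":
        if not tenant_id:
            raise ValueError("Single Tenant ID is required for Single tenant")
        tenant = tenant_id
    elif tenant_id:
        raise ValueError("Single Tenant ID must be blank for this account type")
    else:
        tenant = TENANT_SEGMENT[cfg["account_type"]]
    scopes = [s.strip() for s in cfg.get("scopes", "openid, User.Read").split(",") if s.strip()]
    if "user.read" not in {s.lower() for s in scopes}:
        raise ValueError("Scopes must include User.Read")
    params = {
        "client_id": cfg["client_id"],
        "response_type": "code",
        "redirect_uri": redirect_base.rstrip("/") + cfg.get("callback", "/microsoft-authn"),
        "scope": " ".join(scopes),  # OAuth 2.0 sends scopes space-delimited
        "state": state,
    }
    if cfg.get("include_login_hint") and user_id:
        params["login_hint"] = user_id
    if cfg.get("include_prompt") and prompt in FORWARDED_PROMPTS:
        params["prompt"] = prompt
    endpoint = cfg.get("authorization_endpoint", "/oauth2/v2.0/authorize")
    return base.rstrip("/") + "/" + tenant + endpoint + "?" + urlencode(params)


# Constructed sample settings; the IDs are placeholders, not real values.
SAMPLE_CFG = {"account_type": "Single tenant", "client_id": "constructed-client-id",
              "tenant_id": "00000000-0000-0000-0000-000000000000",
              "include_login_hint": True, "include_prompt": True}

if __name__ == "__main__":
    print(build_authorize_url(SAMPLE_CFG, "https://sso.example.com",
                              "constructed-state", "alice@example.com", "login"))
```

A prompt value other than consent or login is dropped rather than forwarded, and a Scopes value without User.Read is rejected before any request is built.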