How to configure Microsoft Identity provider with Single tenant

Hi, I'm trying to configure Keycloak to use the Microsoft identity provider.
I have tried to follow the official documentation, but it does not work, as the page where you are supposed to register does not work anymore.

Instead I used this page and chose "Accounts in this organizational directory only (**** only - Single tenant)".

Then I added a client secret and saved my identity provider.

Now the Microsoft button shows up as expected in the login portal, but I get the following error in my URL:

Application '*****'(***) is not configured as a multi-tenant application. Usage of the /common endpoint is not supported for such applications created after '10/15/2018'. Use a tenant-specific endpoint or configure the application to be multi-tenant.

I have found a solution where a user had the same issue, and the solution was to change to multi-tenant, but this seems like a huge security risk; I only want users from my own tenant to be able to log in.

Is there any better solution to this?

In your case, don't use the "social" identity provider, but the generic OIDC provider. The social provider has hard-coded URLs for Microsoft, but you need custom URLs for your use case.

See also my video here:

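A concrete shape for that generic OIDC configuration, as an added example that is not code from the post or from Keycloak itself: it builds a Keycloak realm-export `identityProviders` entry for a single-tenant Microsoft Entra ID (Azure AD) app registration with every endpoint pinned to the tenant ID, and checks that none of them still point at the multi-tenant `/common` endpoint named in the error. The tenant ID, client ID and client secret are placeholders.

```python
"""Added example (not from the forum post): build a Keycloak generic OIDC
identity-provider entry for a single-tenant Microsoft app registration and
check that no endpoint uses the multi-tenant /common path."""
import json

MS_LOGIN = "https://login.microsoftonline.com"


def microsoft_oidc_provider(tenant_id: str, client_id: str, client_secret: str,
                            alias: str = "microsoft-single-tenant") -> dict:
    """Return an identityProviders[] entry in Keycloak realm-export format.

    Every URL is pinned to the tenant, so Keycloak talks to .../<tenant-id>/...
    instead of .../common/..., which is what the 'not configured as a
    multi-tenant application' error complains about. The config keys are the
    ones Keycloak's generic OIDC provider reads from a realm export.
    """
    base = f"{MS_LOGIN}/{tenant_id}"
    return {
        "alias": alias,
        "providerId": "oidc",
        "enabled": True,
        "config": {
            "clientId": client_id,
            "clientSecret": client_secret,
            "clientAuthMethod": "client_secret_post",
            "authorizationUrl": f"{base}/oauth2/v2.0/authorize",
            "tokenUrl": f"{base}/oauth2/v2.0/token",
            "logoutUrl": f"{base}/oauth2/v2.0/logout",
            "userInfoUrl": "https://graph.microsoft.com/oidc/userinfo",
            "jwksUrl": f"{base}/discovery/v2.0/keys",
            # The issuer is tenant-specific too: Keycloak compares it with the
            # id_token's iss claim, so tokens minted for other tenants are rejected.
            "issuer": f"{base}/v2.0",
            "validateSignature": "true",
            "useJwksUrl": "true",
            "defaultScope": "openid profile email",
        },
    }


def uses_common_endpoint(provider: dict) -> list:
    """Return the config keys whose URL still points at /common/ (should be empty)."""
    return [k for k, v in provider["config"].items()
            if isinstance(v, str) and v.startswith(MS_LOGIN + "/common/")]


if __name__ == "__main__":
    # Constructed placeholder identifiers; replace with your own app registration.
    p = microsoft_oidc_provider("00000000-0000-0000-0000-000000000000",
                                "<client-id>", "<client-secret>")
    assert not uses_common_endpoint(p)
    print(json.dumps(p, indent=2))
```

The printed entry can be pasted into a realm export's `identityProviders` array, or the same values entered in the admin console's generic OIDC provider form.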