Skip to main content
This guide walks you through configuring Microsoft as a social login provider for your application.

Prerequisites

  • A Microsoft Azure account
  • Your Microsoft OAuth Application (client) ID and Client Secret

Configure Microsoft OAuth

1

Register an application on Azure

  1. Go to the Azure Portal
  2. Navigate to Microsoft Entra ID > App registrations
  3. Click New registration
  4. Enter a name (e.g. “Prelude Session”)
  5. Under Supported account types, select the option that fits your needs (e.g. “Accounts in any organizational directory and personal Microsoft accounts”)
  6. Click Register
  7. Copy the Application (client) ID — you will need it in the next step
2

Set the redirect URI

  1. In your app registration, go to Manage > Authentication
  2. Click Add a platform > Web
  3. Enter the following redirect URI:
https://${YOUR_CUSTOM_DOMAIN}/v1/session/login/oauth/microsoft/callback
Replace ${YOUR_CUSTOM_DOMAIN} with your custom domain (e.g. session.yourapp.com).
  1. Click Configure
The redirect URI must match exactly. Make sure there is no trailing slash and that you are using https.
3

Create a client secret

  1. In your app registration, go to Certificates & secrets
  2. Click New client secret
  3. Enter a description and select an expiration period
  4. Click Add
  5. Copy the Value (not the Secret ID) — you will need it in the next step
4

Create the Microsoft OAuth configuration

curl -X POST https://api.prelude.dev/v2/session/apps/${APP_ID}/config/login/oauth/microsoft \
  -H "Authorization: Bearer ${MANAGEMENT_API_KEY}" \
  -H "Content-Type: application/json" \
  -d '{
    "client_id": "your-microsoft-client-id",
    "client_secret": "your-microsoft-client-secret",
    "enabled": true,
    "options": {
      "use_email_as_identifier": true,
      "allow_email_account_merge": true
    }
  }'
FieldDescription
client_idYour Microsoft Application (client) ID.
client_secretYour Microsoft client secret value.
enabledSet to true to enable Microsoft login.
options.use_email_as_identifierWhen true, the user’s Microsoft email is stored as an email identifier.
options.allow_email_account_mergeWhen true, if a user with the same email already exists, the Microsoft account is linked to the existing user.

Update the configuration

To update an existing Microsoft OAuth configuration: 
curl -X PUT https://api.prelude.dev/v2/session/apps/${APP_ID}/config/login/oauth/microsoft \
  -H "Authorization: Bearer ${MANAGEMENT_API_KEY}" \
  -H "Content-Type: application/json" \
  -d '{
    "client_id": "your-new-microsoft-client-id",
    "client_secret": "your-new-microsoft-client-secret",
    "enabled": true,
    "options": {
      "use_email_as_identifier": true,
      "allow_email_account_merge": true
    }
  }'

Delete the configuration

To remove Microsoft OAuth from your application: 
curl -X DELETE https://api.prelude.dev/v2/session/apps/${APP_ID}/config/login/oauth/microsoft \
  -H "Authorization: Bearer ${MANAGEMENT_API_KEY}"

What’s next?

Now that Microsoft OAuth is configured on your backend, integrate the frontend using the Web Integration guide.