Adding an Office365 OAuth2 identity provider to Keycloak

Last Updated : Jun 10, 2026 |

About this task

To use SSO capabilities and authenticate users using Office365, you must configure the Office365 identity provider on Keycloak.

When you create an Office 365 identity provider, Keycloak automatically generates a redirect URI. Your Microsoft Azure application sends authentication tokens to this URI.

Before you begin

Obtain the application ID and client secret for the application you registered on Microsoft Azure.

Procedure

  1. On the Keycloak web administration interface, navigate to Identity Providers.
  2. Click Add provider and select Microsoft.

    Keycloak displays the Add identity provider page.

  3. In Client ID, enter the application ID you copied from your Microsoft Azure application.
  4. In Client Secret, enter the client secret you copied from your Microsoft Azure application.
  5. Click Save to create the identity provider.