Skip to content
Migrating from NextAuth.js v4? Read our migration guide.
Getting StartedProvidersMicrosoft Entra Id

Microsoft Entra ID

đź’ˇ

Microsoft has renamed Azure AD to Microsoft Entra ID, more information about the new name can be found here.

Resources

Setup

Callback URL

https://example.com/api/auth/callback/microsoft-entra-id

Environment Variables

AUTH_MICROSOFT_ENTRA_ID_ID
AUTH_MICROSOFT_ENTRA_ID_SECRET
AUTH_MICROSOFT_ENTRA_ID_TENANT_ID

Configuration

/auth.ts
import NextAuth from "next-auth"
import MicrosoftEntraID from "next-auth/providers/microsoft-entra-id"
 
const { handlers, auth, signIn, signOut } = NextAuth({
  providers: [
    MicrosoftEntraID({
      clientId: process.env.AUTH_MICROSOFT_ENTRA_ID_ID,
      clientSecret: process.env.AUTH_MICROSOFT_ENTRA_ID_SECRET,
      tenantId: process.env.AUTH_MICROSOFT_ENTRA_ID_TENANT_ID,
    }),
  ],
})

Notes

  1. Allow only Specific Active Directory Users
  • In https://entra.microsoft.com/ select Identity from the left bar menu.
  • Next, go to “App Registration” in the left menu, and create a new one.
  • Pay close attention to “Who can use this application or access this API?”
    • This allows you to scope access to specific types of user accounts
    • Only your tenant, all Microsoft tenants, or all Microsoft tenants and public Microsoft accounts (Skype, Xbox, Outlook.com, etc.)
  • When asked for a redirection URL, use https://yourapplication.com/api/auth/callback/microsoft-entra-id or for development http://localhost:3000/api/auth/callback/microsoft-entra-id.
  • After your App Registration is created, under “Client Credential” create your Client secret.
  • Now copy your:
    • Application (client) ID
    • Directory (tenant) ID
    • Client secret (value)

In .env.local create the following entries:

AUTH_MICROSOFT_ENTRA_ID_ID=<copy Application (client) ID here>
AUTH_MICROSOFT_ENTRA_ID_SECRET=<copy generated client secret value here>
AUTH_MICROSOFT_ENTRA_ID_TENANT_ID=<copy the tenant id here>

That will default the tenant to use the common authorization endpoint. For more details see here.

Auth.js © Balázs Orbán and Team - 2024