Microsoft Entra ID

Microsoft has renamed Azure AD to Microsoft Entra ID. More information about the new name can be found here.

Resources

Setup

Callback URL

https://example.com/api/auth/callback/microsoft-entra-id

Configuration

/auth.ts
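import NextAuth from "next-auth"
import Entra from "next-auth/providers/microsoft-entra-id"

// NextAuth() returns the camelCase helpers signIn and signOut.
export const { handlers, auth, signIn, signOut } = NextAuth({
  providers: [
    Entra({
      // Application (client) ID and client secret value from the App Registration
      clientId: process.env.AUTH_MICROSOFT_ENTRA_ID_ID,
      clientSecret: process.env.AUTH_MICROSOFT_ENTRA_ID_SECRET,
    }),
  ],
})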

Notes

  1. Allow only Specific Active Directory Users
  • In https://entra.microsoft.com/ select Identity from the left bar menu.
  • Next, go to “App Registration” in the left menu, and create a new one.
  • Pay close attention to “Who can use this application or access this API?”
    • This allows you to scope access to specific types of user accounts
    • Only your tenant, all Microsoft tenants, or all Microsoft tenants and public Microsoft accounts (Skype, Xbox, Outlook.com, etc.)
  • When asked for a redirection URL, use https://yourapplication.com/api/auth/callback/microsoft-entra-id or for development http://localhost:3000/api/auth/callback/microsoft-entra-id.
  • After your App Registration is created, under “Client Credential” create your Client secret.
  • Now copy your:
    • Application (client) ID
    • Directory (tenant) ID
    • Client secret (value)

In .env.local create the following entries:

AUTH_MICROSOFT_ENTRA_ID_ID=<copy Application (client) ID here>
AUTH_MICROSOFT_ENTRA_ID_SECRET=<copy generated client secret value here>
AUTH_MICROSOFT_ENTRA_ID_TENANT_ID=<copy the tenant id here>

That will default the tenant to use the common authorization endpoint. For more details see here.
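
With the common endpoint, accounts from any tenant that the App Registration's account-type setting permits can complete sign-in, so the application can also check the ID token's `tid` claim itself. The following is an added example, not code from this page or from Auth.js: a tenant allow-list shaped to be passed as `callbacks.signIn`. It assumes Auth.js hands the ID token claims (`tid`, `iss`) to that callback as `profile`; `tenantAllowList`, `issuerFor`, `demo` and the tenant GUIDs are hypothetical.

```typescript
// Added example, not Auth.js code. Tenant GUIDs are constructed sample values.

// Claims read from the Entra ID token (assumed to arrive as `profile`).
interface EntraProfile {
  tid?: string // tenant the account signed in from
  iss?: string // issuer, which embeds the tenant ID on v2.0 tokens
}

const GUID = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/
const issuerFor = (tid: string) => `https://login.microsoftonline.com/${tid}/v2.0`

// Hypothetical helper: builds a function to pass as `callbacks.signIn`.
// Returning false from that callback rejects the sign-in.
function tenantAllowList(allowed: string[]) {
  const tenants = allowed.map((t) => t.trim().toLowerCase())
  // Fail closed at startup on an empty list or a malformed entry (e.g. unset env var).
  if (tenants.length === 0) throw new Error("tenant allow-list is empty")
  tenants.forEach((t) => {
    if (!GUID.test(t)) throw new Error("not a tenant GUID: " + t)
  })
  return (params: { profile?: EntraProfile | null }): boolean => {
    const profile = params.profile
    if (!profile || !profile.tid) return false
    const tid = profile.tid.toLowerCase()
    if (!tenants.some((t) => t === tid)) return false
    // The issuer must name the same tenant as `tid`.
    return profile.iss === issuerFor(tid)
  }
}

const HOME_TENANT = "11111111-2222-3333-4444-555555555555" // constructed
const OTHER_TENANT = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee" // constructed

// Constructed sample profiles: home tenant, foreign tenant, mismatched issuer.
function demo(): boolean[] {
  const check = tenantAllowList([HOME_TENANT])
  return [
    check({ profile: { tid: HOME_TENANT, iss: issuerFor(HOME_TENANT) } }),
    check({ profile: { tid: OTHER_TENANT, iss: issuerFor(OTHER_TENANT) } }),
    check({ profile: { tid: HOME_TENANT, iss: issuerFor(OTHER_TENANT) } }),
  ]
}

// Wiring in /auth.ts (sketch):
//   callbacks: { signIn: tenantAllowList([process.env.AUTH_MICROSOFT_ENTRA_ID_TENANT_ID ?? ""]) }
```

An unset `AUTH_MICROSOFT_ENTRA_ID_TENANT_ID` makes the helper throw at startup rather than admit every tenant.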

Auth.js © Balázs Orbán and Team - 2024