diff --git a/backend/src/Squidex/Config/Authentication/MicrosoftAuthenticationServices.cs b/backend/src/Squidex/Config/Authentication/MicrosoftAuthenticationServices.cs
index 0f03f68a0..d03814afa 100644
--- a/backend/src/Squidex/Config/Authentication/MicrosoftAuthenticationServices.cs
+++ b/backend/src/Squidex/Config/Authentication/MicrosoftAuthenticationServices.cs
@@ -21,6 +21,15 @@ namespace Squidex.Config.Authentication
 options.ClientId = identityOptions.MicrosoftClient;
 options.ClientSecret = identityOptions.MicrosoftSecret;
 options.Events = new MicrosoftHandler();
+
+ var tenantId = identityOptions.MicrosoftTenant;
+
+ if (!string.IsNullOrEmpty(tenantId))
+ {
+ var resource = "https://graph.microsoft.com";
+ options.AuthorizationEndpoint = $"https://login.microsoftonline.com/{tenantId}/oauth2/authorize?resource={resource}";
+ options.TokenEndpoint = $"https://login.microsoftonline.com/{tenantId}/oauth2/token?resource={resource}";
+ }
 });
 }
diff --git a/backend/src/Squidex/Config/MyIdentityOptions.cs b/backend/src/Squidex/Config/MyIdentityOptions.cs
index 01fb1eb8c..a89555413 100644
--- a/backend/src/Squidex/Config/MyIdentityOptions.cs
+++ b/backend/src/Squidex/Config/MyIdentityOptions.cs
@@ -35,6 +35,8 @@ namespace Squidex.Config
 public string MicrosoftSecret { get; set; }
+ public string MicrosoftTenant { get; set; }
+
 public string OidcName { get; set; }
 public string OidcClient { get; set; }
diff --git a/backend/src/Squidex/appsettings.json b/backend/src/Squidex/appsettings.json
index c93152858..2feeb2b65 100644
--- a/backend/src/Squidex/appsettings.json
+++ b/backend/src/Squidex/appsettings.json
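Review bot: `tenantId` is interpolated into the path of both `AuthorizationEndpoint` and `TokenEndpoint` without validation or escaping, so a configured value containing `/`, `?`, `#` or stray whitespace silently changes which path on the login host handles sign-in and token exchange instead of failing at start-up. Guard with `string.IsNullOrWhiteSpace(tenantId)` and build the URLs from `Uri.EscapeDataString(tenantId.Trim())`; `resource` is itself a URL placed in a query string and should be passed through `Uri.EscapeDataString` too. These are the v1 `/oauth2/authorize` and `/oauth2/token` paths; if the handler otherwise uses the v2.0 endpoints, the tenant-specific `/oauth2/v2.0/` forms would need no `resource` parameter, which is worth confirming. The enclosing lambda and method begin above the hunk.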
@@ -479,9 +479,11 @@
 "githubSecret": "d0a0d0fe2c26469ae20987ac265b3a339fd73132",
 /*
 * Settings for Microsoft auth (keep empty to disable).
+ * Tennant is optional for using a specific AzureAD tenant
 */
 "microsoftClient": "b55da740-6648-4502-8746-b9003f29d5f1",
 "microsoftSecret": "idWbANxNYEF4cB368WXJhjN",
+ "microsoftTenant": null,
 /*
 * Settings for your custom oidc server.
 */
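Review bot: The added comment line misspells "Tenant" and does not say what value is expected or what leaving `microsoftTenant` at `null` means for who can sign in. A line such as `* Tenant is optional: set it to an Azure AD tenant ID or domain to use that tenant's endpoints; leave empty to keep the default Microsoft endpoints.` would make it clear to an operator that the default does not tie sign-in to one directory. The neighbouring context lines carry what appear to be real client secrets as defaults, so the comment could also state that production values belong in environment-specific configuration rather than this file.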