6.5 Example Microsoft Entra settings
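The following is an example set of configuration options and mapping attributes for Microsoft Entra. You can use this as a starting point for your own configuration in the appsettings.Production.json file for the web.oauth2 service; see section 6.1, Configuring Microsoft Entra. The ClientId, the tenant ID in the endpoint URLs, and the ClientSecretEncrypted value shown here are sample values; replace them with the values for your own Microsoft Entra tenant and app registration. In this example ClientSecret is left empty and the secret is supplied in ClientSecretEncrypted, so the plaintext client secret is not stored in the file. Review the Match condition and the static Roles value before use, because they determine which accounts the mapping applies to and which roles are assigned.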
"ExternalProviders":[
{
"Name":"Microsoft Entra ID",
"LogonMechanismId":101,
"Action":"CreateAndUpdate",
"MicrosoftAccountOptions":{
"ClientId":"bb61c9f6-9a71-42ba-a156-05db9a7a6407",
"ClientSecret":"",
"AuthorizationEndpoint":"https://login.microsoftonline.com/2fad39ef-cead-489d-a755-c3b45c762c4a/oauth2/v2.0/authorize",
"TokenEndpoint":"https://login.microsoftonline.com/2fad39ef-cead-489d-a755-c3b45c762c4a/oauth2/v2.0/token"
},
"ClientSecretEncrypted":"AQAAANCMnd8BFdERjHoAwE/C [...] JwWwaKXWoS3i+ulxtmjVQyudpQ==",
"Mappings":[
{
"Match":{
"officeLocation":"Headquarters"
},
"Attributes":[
{
"From":"id",
"To":"XuSYSExternalReferenceId1",
"Mandatory":true,
"Unique":true,
"Update":true
},
{
"From":"displayName",
"To":"FullName"
},
{
"From":"givenName",
"To":"FirstName"
},
{
"From":"surname",
"To":"Surname"
},
{
"From":"userPrincipalName",
"To":"UserPrincipalName",
"LookupExisting":true,
"LdapSync":true
},
{
"From":"mail",
"To":"Email"
},
{
"From":"",
"To":"Roles",
"Static":"<role name='Cardholder' scope='1'/><role name='PasswordUser' scope='2'/>"
},
{
"From":"",
"To":"GroupName",
"Static":"Imported From Microsoft"
},
{
"From":"",
"To":"ParentGroupName",
"Static":"External"
}
]
}
]
}
]