PHPackages                             winter/wn-ssoprovidermicrosoft-plugin - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. winter/wn-ssoprovidermicrosoft-plugin

ActiveWinter-plugin[Authentication &amp; Authorization](/categories/authentication)

winter/wn-ssoprovidermicrosoft-plugin
=====================================

Microsoft 365 and Azure AD authentication provider for Winter.SSO

09PHP

Since Jan 17Pushed 5mo agoCompare

[ Source](https://github.com/wintercms/wn-ssoprovidermicrosoft-plugin)[ Packagist](https://packagist.org/packages/winter/wn-ssoprovidermicrosoft-plugin)[ RSS](/packages/winter-wn-ssoprovidermicrosoft-plugin/feed)WikiDiscussions main Synced today

READMEChangelogDependenciesVersions (1)Used By (0)

Winter.SSOProviderMicrosoft
===========================

[](#winterssoprovidermicrosoft)

Microsoft 365 and Azure AD authentication provider for [Winter.SSO](https://github.com/wintercms/wn-sso-plugin).

Allow your backend users to sign in using their Microsoft accounts, including:

- Microsoft 365 (formerly Office 365) work or school accounts
- Azure Active Directory (Azure AD / Entra ID) accounts
- Personal Microsoft accounts (@outlook.com, @live.com, @hotmail.com)

Features
--------

[](#features)

- **Multi-tenant support**: Allow users from any Microsoft 365 organization
- **Single-tenant support**: Restrict to your specific Azure AD tenant
- **Flexible account types**: Work/school accounts, personal accounts, or both
- **Tenant information**: Optionally retrieve tenant details for verification
- **User roles/groups**: Access Microsoft 365 group memberships via `.getRoles()`
- **Profile photos**: Automatically fetch user avatars
- **Refresh tokens**: Support for `offline_access` scope

Installation
------------

[](#installation)

```
composer require winter/wn-ssoprovidermicrosoft-plugin
```

Requirements
------------

[](#requirements)

- Winter CMS v1.2+
- PHP 8.0.2+
- [Winter.SSO plugin](https://github.com/wintercms/wn-sso-plugin)
- Azure AD application (or Microsoft 365 tenant)

Quick Start
-----------

[](#quick-start)

### 1. Create Azure AD Application

[](#1-create-azure-ad-application)

1. Go to [Azure Portal](https://portal.azure.com/)
2. Navigate to **Azure Active Directory** → **App registrations**
3. Click **New registration**
4. Configure:
    - **Name**: Your Application Name
    - **Supported account types**:
        - **Multi-tenant (public)**: "Accounts in any organizational directory and personal Microsoft accounts"
        - **Single-tenant (private)**: "Accounts in this organizational directory only"
    - **Redirect URI**: `https://example.com/backend/winter/sso/handle/callback/microsoft`
5. Click **Register**
6. Copy the **Application (client) ID**
7. Go to **Certificates &amp; secrets** → **New client secret**
8. Create and copy the secret **Value** (not the Secret ID)

See [Detailed Setup Guide](docs/setup.md) for screenshots and step-by-step instructions.

### 2. Configure Environment

[](#2-configure-environment)

Add to your `.env` file:

```
MICROSOFT_CLIENT_ID=your_application_client_id
MICROSOFT_CLIENT_SECRET=your_client_secret_value

# Tenant configuration (default: 'common')
# 'common' = any Microsoft account (multi-tenant)
# 'organizations' = work/school accounts only
# 'consumers' = personal Microsoft accounts only
# Or use your specific tenant ID for single-tenant
MICROSOFT_TENANT=common
```

### 3. Enable Provider

[](#3-enable-provider)

Create or edit `config/winter/sso/config.php`:

```
