In November 2024, we introduced the public preview of OpenID Connect identity provider support for Microsoft Entra External ID, enabling federation with external identity providers such as Amazon, Auth0, Okta, personal Microsoft Accounts, and Azure Active Directory B2C.
Today, after extensive validation with many customers during the preview, we’re thrilled to announce the General Availability of OpenID Connect (OIDC) identity provider support in Microsoft Entra External ID. This feature allows you to integrate sign-in and sign-up user flows with identity providers using the OAuth 2.0 authorization standard and OIDC specifications.
Enabling users to access your applications with their existing accounts from other identity providers provides two major benefits: it facilitates partner integration through identity federation and allows users to sign in with their existing credentials rather than creating new ones. This seamless approach fosters partnerships, boosts conversion rates, and enhances user satisfaction.
Key scenarios for OpenID Connect external identity providers
Microsoft Entra External ID’s OIDC external identity provider support enables several key scenarios:
- Integrate with cloud identity providers: Seamlessly connect your sign-in and sign-up flows with cloud identity providers.
- Federate with Azure AD B2C: Create new CIAM experiences with Entra External ID while maintaining integration with existing Azure AD B2C tenants.
- Federate with social identity providers, including personal Microsoft Accounts: Allow users to easily sign in with their existing social provider accounts.
- Implement partner identity providers: Enable federated authentication for partnership scenarios, such as partner employee discount programs.
- Federate with government and citizen identity providers: Establish secure authentication with government and citizen identity providers.
Getting started with OpenID Connect federation
For detailed guidance on configuring OpenID Connect identity providers, incorporating them into your user flows, and seamlessly integrating sign-in and sign-up experiences into your application, explore these valuable resources:
- Add OpenID Connect as an external identity provider
- OpenID Connect claims mapping
- Add MSA for customer sign-in – Microsoft Entra External ID
- Add Azure AD B2C tenant as an OpenID Connect identity provider
What’s next?
OpenID Connect federation currently supports federation only with non-Entra tenants, such as Azure AD B2C, personal Microsoft Accounts, and any cloud identity provider that follows the OpenID Connect protocol.
In the next phase, we’ll expand this capability to enable federation with Entra tenants as OpenID Connect external identity providers. This improvement will allow organizations to authenticate seamlessly with business partners or employee accounts using Entra tenants.
Following the Entra tenant federation update, we plan to introduce sign-in and sign-up auto-acceleration for identity providers using domain or issuer hints, add domain-based federation capabilities, and extend OpenID Connect federation support to workforce tenants.
Stay connected and informed
To learn more or test out features in the Microsoft Entra portfolio, visit our developer center. Make sure you subscribe to the Identity developer blog for more insights and to keep up with the latest on all things Identity. And, follow us on YouTube for video overviews, tutorials, and deep dives.
We encourage you to share your feedback and tell us what you think, or suggest new features to make external identity federation even better. Also, please join our research panel to receive occasional invites to participate in customer research.
I wonder if this is compatible with Azure Virtual Desktop and if yes, how about in the case of using Entra Domain Services with AVD for FSLogix authentication.
Do you have any information on this?
Looking forward to the EntraId goodness!
Is it possible to add an icon for the custom OpenId providers at all? Currently Google and Apple accounts are getting preferential treatment over Microsoft accounts…!