Expanding socials! Welcome Apple!
Hello everyone! I’m thrilled to announce another exciting milestone: “Sign in with Apple” is now publicly available for external tenants in Microsoft Entra External ID.
This feature lets you add Apple as a social identity provider to your user flows. Users can now sign up and sign in to your applications using their Apple ID through a simple “Sign in with Apple” option.
What is supported?
Apple is the third pre-configured social identity provider in the Entra External ID platform, joining Google and Facebook as self-service sign-up/sign-in methods. Users can now sign up for your applications using their existing Apple ID accounts without creating new credentials or providing extensive details.
During sign-up, users can sign in to their Apple ID and consent to share their details with your application. Entra will automatically prefill user information from Apple, such as name, last name, and email address, to create their account for your application.
Through the Open Authorization (OAuth) framework, Entra also supports Single Sign-On (SSO). Once users sign in to their Apple ID account, they can access all authorized applications without additional sign-ins. SSO allows Entra to authenticate users across all their applications, eliminating repeated login prompts within the same session.
An additional advantage is the ability to publish your social login-enabled mobile apps in the Apple App Store. According to App Store Review Guidelines (section 4.8), apps that offer third-party login options like Facebook, Google, Twitter, or Amazon must include “Sign in with Apple.” With Entra External ID, you can now confidently publish your apps to the Apple App Store with social login capabilities.
How to configure Apple?
To configure Apple as an identity provider in your Entra external tenant, follow these steps:
- Create an Apple application in the Apple Developer Portal and register it using your Entra External ID tenant domains and return URLs. You’ll need to collect your Apple service ID, team ID, application key ID, and client secret key from the Developer Portal.
- Set up the Apple external identity provider in your Entra External ID tenant using either the Graph API or Microsoft Entra admin center.
- Add the Apple identity provider to your application’s user flow.
- Now, Apple will appear as a sign-in/sign-up option in your application’s identity providers. Users can select the “Sign in with Apple” button, which redirects them to Apple’s sign-in page. After giving consent to your application’s access to their information, they’ll return to complete their account creation. Once set up, users can sign in anytime using their Apple ID.
For detailed instructions on setting up the Apple identity provider, refer to the Add Apple for customer sign-in article.
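For the Graph API route in the second step, here is a sketch added as an example (not code from this post or from Microsoft): it checks the four values collected from Apple, builds an `appleManagedIdentityProvider` body, and prepares the POST without sending it. The identifier-format checks, the sample values, and the helper names are assumptions.

```python
import json
import re
import urllib.request

GRAPH_URL = "https://graph.microsoft.com/v1.0/identity/identityProviders"

def build_apple_idp_payload(service_id, team_id, key_id, p8_key):
    """Validate the values collected from Apple and build the Graph request body."""
    # Assumption: team ID and key ID are 10-character uppercase alphanumeric strings.
    for label, value in (("team ID", team_id), ("key ID", key_id)):
        if not re.fullmatch(r"[A-Z0-9]{10}", value):
            raise ValueError(f"{label} does not look like a 10-character Apple identifier")
    if not service_id.strip():
        raise ValueError("service ID is empty")
    if "PRIVATE KEY" not in p8_key:
        raise ValueError("client secret key is not the PEM contents of the .p8 file")
    return {
        "@odata.type": "microsoft.graph.appleManagedIdentityProvider",
        "displayName": "Sign in with Apple",
        "developerId": team_id,      # Apple team ID
        "serviceId": service_id,     # Apple service ID
        "keyId": key_id,             # Apple application key ID
        "certificateData": p8_key,   # client secret key; treat as a secret
    }

def redacted(payload):
    """Copy of the payload that is safe to log: the private key is masked."""
    return {**payload, "certificateData": "<redacted>"}

def build_request(payload, access_token):
    """Prepare (not send) the call; the token needs IdentityProvider.ReadWrite.All."""
    return urllib.request.Request(
        GRAPH_URL,
        data=json.dumps(payload).encode("utf-8"),
        method="POST",
        headers={
            "Authorization": f"Bearer {access_token}",
            "Content-Type": "application/json",
        },
    )

if __name__ == "__main__":
    # Constructed sample values, not real identifiers or key material.
    sample = build_apple_idp_payload(
        "com.contoso.signin", "ABCDE12345", "KEY1234567",
        "-----BEGIN PRIVATE KEY-----\n<placeholder>\n-----END PRIVATE KEY-----",
    )
    print(json.dumps(redacted(sample), indent=2))
```

Passing the result of `build_request` to `urllib.request.urlopen` submits it; load the `.p8` contents from a secret store rather than from source control, and log only the `redacted` form.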
Stay connected and informed
To learn more or test out features in the Microsoft Entra portfolio, visit our developer center. Make sure you subscribe to the Identity developer blog for more insights and to keep up with the latest on all things Identity. Follow us on YouTube for video overviews, tutorials, and deep dives.
We encourage you to share your feedback and tell us what you think or suggest new features to make Microsoft Entra External ID better.
You can also join our research panel to receive occasional invites to participate in customer research opportunities.