Microsoft Entra External ID is a cloud-based customer identity and access management (CIAM) service that enables you to easily add secure user authentication and registration to your preferred app type. With External ID, you can:

• Secure access for external identities: Allow external identities (such as partners, consumers, or business customers) to securely access enterprise apps and resources.

• Create customizable sign-up experiences: Create custom, branded sign-up experiences for users signing in to your apps. Configure background images, colors, logos, and text to match company branding.

• Streamline user management: Simplify the management of user accounts within an external tenant. Set up self-service registration flows, collect information during sign-up, and analyze user activity.

In this blog post, I will show you how to set up and run a sample Python Flask application that uses External ID for user authentication. By using External ID with Python, you can leverage the benefits of both technologies to build secure, scalable web applications quickly and easily using our Microsoft Authentication Library (MSAL).

Note: You can reach out to us and let us know what you think via the feedback links in the get started guide used in this blog post. We’d love to hear from you.

Prerequisites

1. Install Python 3+. For this example, I am using 3.12.4. If you are installing Python for the first time, I would recommend going through the Microsoft Python developer documentation on setting up Python.
2. An external tenant.
   • If you don’t have one, you can create one using our 30-day free trial or create an external tenant with an Azure subscription.
   • If you already have one, continue reading.

Setting up and running your app

I will show you how to set up Python Flask, but the same steps can be repeated for Python Django. It only takes a few minutes to get set up and have your code sample working.

1. The get started guide will run automatically if you are creating a new trial tenant. If you are using an existing tenant, or created a new tenant with an Azure subscription, you will need to start it manually.

   • Go to the Microsoft Entra admin center and ensure you’re in your external tenant.
   • Under Identity > Overview, click Start the guide.

2. On the first page of the guide, you can customize your sign-in experience.

   • Select your sign-in method, background color, logo, and alignment for how you want your sign-in experience to look.
   • Click Continue.

3. On the next tab, you can preview your changes and test them out. In the background, the guide creates a user flow and an application registration with a client ID, secret, and authority URL which we will use in the next step. You can find out more on what the guide configures here.

   • Click Run it now to test your sign-in experience in a new browser tab.
   • Go back to the guide and click Continue when you’re ready to proceed.

4. On the next screen, you can explore some code samples.

   • Select the web application option, and under languages, choose Python Flask.
   • Download and unzip the pre-configured code sample.
   • Inspect the .env file and you will see that your authority, redirect URL, client ID, and client secret are already configured (from the tenant and application registration that was automatically created).

5. Run Command Prompt and go to the path where you have downloaded and unzipped the sample. Run the following command:

cd CIAM-PythonFlaskWebApp

6. Run the following command:

pip install -r requirements.txt && flask run --port 5000

7. Visit `http://localhost:5000` in your web browser. The following sign-up process will appear, as shown below. Follow the entire process and you should have successfully signed up a user.

Let’s recap

You have now successfully set up and tested a Python Flask web application with Microsoft Entra External ID.

In this blog post, you have learned how to:

• Configure your sign-in experience with Microsoft Entra External ID
• Download and run a pre-configured Python Flask code sample that uses Microsoft Entra External ID
• Sign up and sign in an External ID user with email and password

Stay connected

To learn more or test out features in the Microsoft Entra portfolio, visit our developer center. Make sure you subscribe to the Identity blog for more insights and to keep up with the latest on all things Identity. And, follow us on YouTube for video overviews, tutorials, and deep dives.

Let us know what you think—we’d love to hear from you! As mentioned above, you can reach out via feedback links in the get started guide.