{"id":2302,"date":"2025-03-18T06:49:03","date_gmt":"2025-03-18T13:49:03","guid":{"rendered":"https:\/\/devblogs.microsoft.com\/identity\/?p=2302"},"modified":"2025-03-18T06:49:03","modified_gmt":"2025-03-18T13:49:03","slug":"openid-connect-external-identity-provider-support-ga","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/identity\/openid-connect-external-identity-provider-support-ga\/","title":{"rendered":"Announcing the General Availability of OpenID Connect external identity provider support for Microsoft Entra External ID"},"content":{"rendered":"<p>In November 2024, we introduced the <a href=\"https:\/\/devblogs.microsoft.com\/identity\/openid-connect-external-identity-provider-support-public-preview\/\">public preview of OpenID Connect identity provider support for Microsoft Entra External ID<\/a>, enabling federation with external identity providers such as Amazon, Auth0, Okta, personal Microsoft Accounts and, Azure Active Directory B2C.<\/p>\n<p>Today, after extensive validation with many customers during the preview, we\u2019re thrilled to announce the General Availability of OpenID Connect (OIDC) identity provider support in Microsoft Entra External ID. This feature allows you to integrate sign-in and sign-up user flows with identity providers using the OAuth 2.0 authorization standard and OIDC specifications.<\/p>\n<p>Enabling users to access your applications with their existing accounts from other identity providers provides two major benefits: it facilitates partner integration through identity federation and allows users to sign in with their existing credentials rather than creating new ones. This seamless approach fosters partnerships, boosts conversion rates, and enhances user satisfaction.<\/p>\n<p><div  class=\"d-flex justify-content-center\"><a class=\"cta_button_link btn-primary mb-24\" href=\"https:\/\/aka.ms\/oidc\" target=\"_blank\">Get Started with Custom OpenID Connect (OIDC) Federation<\/a><\/div><\/p>\n<h2>Key scenarios for OpenID Connect external identity providers<\/h2>\n<p>Microsoft Entra External ID&#8217;s OIDC external identity provider support enables several key scenarios:<\/p>\n<ul>\n<li><strong>Integrate with cloud identity providers<\/strong>: Seamlessly connect your sign-in and sign-up flows with cloud identity providers.<\/li>\n<li><strong>Federate with Azure AD B2C<\/strong>: Create new CIAM experiences with Entra External ID while maintaining integration with existing Azure AD B2C tenants.<\/li>\n<li><strong>Federate with social Identity Providers including Personal Microsoft Account<\/strong>: Allow users to easily sign in with their existing social provider accounts.<\/li>\n<li><strong>Implement partner identity providers<\/strong>: Enable federated authentication for partnership scenarios, such as partner employee discount programs.<\/li>\n<li><strong>Federate with government and citizen identity providers<\/strong>: Establish secure authentication with government and citizen identity providers.<\/li>\n<\/ul>\n<h2>Getting started with OpenID Connect federation<\/h2>\n<p>For detailed guidance on configuring OpenID Connect identity providers, incorporating them into your user flows, and seamlessly integrating sign-in and sign-up experiences into your application, explore these valuable resources:<\/p>\n<ul>\n<li><a href=\"https:\/\/aka.ms\/oidc\">Add OpenID Connect as an external identity provider<\/a> <\/li>\n<li><a href=\"https:\/\/aka.ms\/oidcclaimmapping\">OpenID Connect claims mapping<\/a><\/li>\n<li><a href=\"https:\/\/learn.microsoft.com\/entra\/external-id\/customers\/how-to-microsoft-accounts-federation-customers\">Add MSA for customer sign-in &#8211; Microsoft Entra External ID<\/a><\/li>\n<li><a href=\"https:\/\/aka.ms\/oidc-b2c\">Add Azure AD B2C tenant as an OpenID Connect identity provider<\/a> <\/li>\n<\/ul>\n<h2>What\u2019s next?<\/h2>\n<p>OpenID Connect federation currently supports federation only with non-Entra tenants, such as Azure AD B2C, personal Microsoft Accounts, and any cloud identity provider that follows the OpenID Connect protocol.<\/p>\n<p>In the next phase, we\u2019ll expand this capability to enable federation with Entra tenants as OpenID Connect external identity providers. This improvement will allow organizations to authenticate seamlessly with business partners or employee accounts using Entra tenants.<\/p>\n<p>Following the Entra tenant federation update, we plan to introduce sign-in sign-up auto acceleration for identity providers using domain or issuer hints, add domain-based federation capabilities, and extend OpenID Connect federation support to workforce tenants.<\/p>\n<h2>Stay connected and informed<\/h2>\n<p>To learn more or test out features in the Microsoft Entra portfolio, visit our\u202f<a href=\"https:\/\/aka.ms\/dev\/external-id\">developer center<\/a>. Make sure you subscribe to the\u202f<a href=\"https:\/\/aka.ms\/devblog\/external-id\">Identity developer blog<\/a>\u202ffor more insights and to keep up with the latest on all things Identity. And, follow us on\u202f<a href=\"https:\/\/www.youtube.com\/@MicrosoftSecurity\/playlists\">YouTube<\/a>\u202ffor video overviews, tutorials, and deep dives.<\/p>\n<p>We encourage you share your feedback and\u202f<a href=\"https:\/\/forms.office.com\/r\/m4eAtkXtxW\">tell us what you think<\/a>,\u202for suggest new features to make external identities federation features even better. Also, please\u202f<a href=\"https:\/\/ux.microsoft.com\/Panel\/MicrosoftEntraExternalID?utm_campaign=ExternalID&amp;utm_source=AppService&amp;utm_medium=Blog\">join our research panel<\/a>\u202fto receive occasional invites to participate in customer research.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Discover the new OpenID Connect identity provider support in Microsoft Entra External ID, now generally available. Simplify user sign-in and partner integrations, and improve conversion rates and user satisfaction by federating with external identity providers like Okta, Amazon, Auth0, and Azure AD B2C.<\/p>\n","protected":false},"author":176677,"featured_media":2044,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[32,33],"tags":[38,16,47,66],"class_list":["post-2302","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news","category-product-updates","tag-authentication","tag-entra","tag-external-id","tag-identity-federation"],"acf":[],"blog_post_summary":"<p>Discover the new OpenID Connect identity provider support in Microsoft Entra External ID, now generally available. Simplify user sign-in and partner integrations, and improve conversion rates and user satisfaction by federating with external identity providers like Okta, Amazon, Auth0, and Azure AD B2C.<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/identity\/wp-json\/wp\/v2\/posts\/2302","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/identity\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/identity\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/identity\/wp-json\/wp\/v2\/users\/176677"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/identity\/wp-json\/wp\/v2\/comments?post=2302"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/identity\/wp-json\/wp\/v2\/posts\/2302\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/identity\/wp-json\/wp\/v2\/media\/2044"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/identity\/wp-json\/wp\/v2\/media?parent=2302"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/identity\/wp-json\/wp\/v2\/categories?post=2302"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/identity\/wp-json\/wp\/v2\/tags?post=2302"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}