How to sign in with Microsoft account in your Rails app

Ly Channa
4 min readApr 30, 2023

When talking about signing in with a third-party account, it is very common to see applications integrate with a Gmail or Facebook account. There are quite a good amount of resources on the subject, however, when it comes to signing in with Microsoft account, it is a bit less. I’ve decided to write this article after spending some hours figuring it out. I hope this will save you a few hours of setting up an application in Azure to get credentials to be used in the sign-in process.

Go to and signup for an account if you don’t have one. I simply used my GitHub account to signup. After signing in, you should see the Azure portal below

Now we are going to register an app and get credentials.

Applicaiton registration

In the Search box enter “App registrations”

Now Register an app, Go to “New registration”

On the New Registration page, fill in the form as shown below

And then wait a bit for Azure to create the application for you. Once it is done, you should see something like this:

You need to copy the value of the below the Application (client) ID let’s call this CLIENT_ID. Now we need to create a client secret. Click the “Add a certificate or secret” link as shown above to create the client secret.

On the “Certificates & secrets” page, click on “New client secret” to create a new secret.

Enter a description and select one of the default Expires fields. I choose Expires to be 24 months.

And then let’s copy the value in the Value column. This value is our CLIENT_SECRET.

Now we have the credentials we need. Before we touch the code, let’s complete other details

Enter Application details

In the Branding & Properties on the left navigation

Enter the details and then click on “Configure domain

Enter your domain in the “Publisher domain” input and then copy the “microsoft-identity-association.json” and put in under your project_root/.wellknown/microsoft-identity-association.json.

Run your application to double-check the response

If everything is ok, let’s verify the domain ownership by clicking on “Verify and save domain

API permission

On the left navigation menu, Select API permission. I have User.Read permission to get a public profile. If needed you can add more permission

module Users
class OmniauthCallbacksController < Devise::OmniauthCallbacksController
include UserSessionHelper
before_action :handle_oauth2, only: %i[microsoft_office365]

# GET|POST: /users/auth/microsoft_office365/callback
def microsoft_office365


def handle_oauth2
auth_context = request.env['omniauth.auth'])

if auth_context.success?
# sign_out_all_scopes will destroy the session,
# thus we need to restore session[:user_return_to] for redirection
provider_name = auth_context.provider_name

flash[:notice] = t('devise.omniauth_callbacks.success', kind: I18n.t("oauth2_provider.#{provider_name}"))
user = auth_context.provider.user

flash[:alert] = auth_context.message
redirect_to new_user_session_path

and in the config/initializer/devise.rb

Devise.setup do |config|
config.omniauth :microsoft_office365, ENV['OFFICE365_OAUTH2_CLIENT_ID'], ENV['OFFICE365_OAUTH2_CLIENT_SECRET']