Microsoft Entra ID (Azure AD)

This section covers everything you need to know to configure your instance of MinistryPlatform so your members can log in through Microsoft Entra ID (formerly Azure Active Directory).

Note: When you configure this external login, your users can log in to their MinistryPlatform account, but they can't create a new account using this external login.

To provide External Authentication, you must create and configure an Identity Provider. Before you get started:

  • Confirm you have System Administrator rights to the Platform.
  • Confirm you have Administrative rights to the Microsoft Azure portal.
  • Log in to the Platform and the Microsoft Azure portal.
    Tip: Stay logged in to both the Platform and Microsoft Entra ID while you set up authentication.

Register with Microsoft Entra ID

  1. In the Microsoft Azure portal, go to Microsoft Entra ID > App registrations.
  2. Click New registration.
  3. Enter your application name.
  4. Select your account type.
    • Option 1: Accounts in this organizational directory only (Default Directory only - single-tenant).
    • Option 2: Accounts in any organizational directory (Any directory - multi-tenant) and personal Microsoft Accounts (such as Skype or Xbox).
    Note: You must select one of those two supported account types.
  5. Click Register to create the application registration.
  6. From the Overview page, click Add a Redirect URI.
  7. Select Web from the drop-down menu.
  8. Add your Platform URL.
    https://example-church.ministryplatform.net/mp
  9. Click Configure.
  10. From the Overview page, copy the Application (client) ID. You'll need this when it's time to configure the Platform.

Create an Identity Provider Record in MinistryPlatform

  1. In the navigation menu, click Administration > Identity Providers.
  2. Click New Identity Provider, and enter the following on the new record:
    • Display Name: Microsoft Entra ID
    • Provider Name: OAuth 2.0/ Open ID Connect
    • Client ID: The Application (client) ID you copied from the Azure portal
    • Client Secret: Leave blank for now
    • Metadata Address
    • Is Public: Yes
  3. Click Save.
  4. Click Edit.
  5. In Settings, add the Redirect URI Endpoint as shown below. Make sure to replace "[your Platform base URL]" and "[Identity Provider Unique ID GUID]", which was generated when you saved the record.
    {"RedirectUri":"https://[your Platform base URL]/ministryplatformapi/oauth/callback/[Identity Provider Unique ID GUID]"}
  6. Click Save.

Find & Copy Metadata Address

  1. Go to your newly created Azure app registration.
  2. Go to Overview > Endpoints > OpenID Connect Metadata Document.
  3. Copy the URL.
  4. Paste the URL into the Metadata Address field on the identity provider record in the Platform.

Final Steps

You're almost there! These are the last things you need to do before your members can log in using Microsoft Entra ID.

Add Redirect URI Endpoint to Azure

  1. Copy the Redirect URI Endpoint from the Settings field on the identity provider record in the Platform.
  2. Go to Default Directory > Overview > Redirect URI, and click the value you want to update.
  3. Paste the Redirect URI Endpoint you copied from the Platform. The Redirect URI in Azure should match the Redirect URI Endpoint in the Platform.
  4. Enable access tokens. These are used for implicit flows.
  5. Enable ID tokens. These are used for implicit and hybrid flows.
  6. Click Save.
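
A pre-flight check for step 3 above, added here as an example (it is not MinistryPlatform or Microsoft code): it parses the Settings JSON, confirms the callback path layout shown on this page, and compares the value with the redirect URIs registered in Azure. The function names, the sample GUID and the strict string comparison are assumptions made for illustration.

```python
import json
import re
from urllib.parse import urlsplit

# Callback path layout from the Settings example on this page; the last
# segment is the Identity Provider Unique ID GUID generated when the record
# is saved. Anything before the callback path is accepted as the base URL.
CALLBACK_PATH = re.compile(
    r"/ministryplatformapi/oauth/callback/"
    r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\Z", re.IGNORECASE)


def _norm(u):
    return u.rstrip("/").lower()


def check_redirect_config(settings_json, azure_redirect_uris):
    """Return a list of problems; an empty list means the values line up."""
    try:
        uri = json.loads(settings_json)["RedirectUri"]
    except (ValueError, KeyError, TypeError):
        return ["Settings is not a JSON object with a RedirectUri key"]
    if not isinstance(uri, str) or "[" in uri or "]" in uri:
        return ["RedirectUri still contains a [placeholder] or is not a string"]
    problems = []
    parts = urlsplit(uri)
    if parts.scheme != "https":
        problems.append("RedirectUri is not https")
    if not CALLBACK_PATH.search(parts.path):
        problems.append("path is not /ministryplatformapi/oauth/callback/<GUID>")
    if parts.query or parts.fragment:
        problems.append("RedirectUri carries a query string or fragment")
    if uri not in azure_redirect_uris:  # assumption: exact string match required
        near = [a for a in azure_redirect_uris if _norm(a) == _norm(uri)]
        problems.append(
            f"Azure has {near[0]!r}, which differs only by case or trailing slash"
            if near else "RedirectUri is not registered in Azure")
    return problems


# Constructed sample values: host from this page's example, GUID made up.
GUID = "3f2b8c1e-5d4a-4e6b-9a7c-1b2d3e4f5a6b"
CALLBACK = f"https://example-church.ministryplatform.net/ministryplatformapi/oauth/callback/{GUID}"
SETTINGS = json.dumps({"RedirectUri": CALLBACK})

if __name__ == "__main__":
    # Azure still holds the Platform URL from registration, then a near miss, then a match.
    print(check_redirect_config(SETTINGS, ["https://example-church.ministryplatform.net/mp"]))
    print(check_redirect_config(SETTINGS, [CALLBACK + "/"]))
    print(check_redirect_config(SETTINGS, [CALLBACK]))
```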

Create & Add Your Client Secret

  1. Go to Azure > Default Directory > Overview > Client Credentials.
  2. Click Add a Certificate or Secret.
  3. Click New Client Secret.
    • In the Description field, enter your church name.
    • In the Expires field, enter 24 months.
  4. Click Add.
  5. Copy the value GUID.
  6. In the navigation menu, click Administration > Identity Providers.
  7. Open your Microsoft Entra ID record.
  8. Click Edit Record.
  9. Paste the Client Secret you copied from Azure into the Client Secret field on the identity provider record.
  10. Click Save.

Restart the Auth App

  1. In the Platform, click your picture in the upper right corner and click User Account.
  2. Select Restart Auth App.

Once complete, a button for Microsoft Entra ID displays on your Platform login page.