Microsoft

Let your team sign in with their Microsoft or Azure AD / Entra ID accounts.

Your redirect URI

Entra will ask for a redirect URI. Use your hub’s URL with this exact path:

https://your-hub-url/api/auth/microsoft/callback

Setup

Register an app

Go to the Microsoft Entra admin center, open Entra ID → App registrations, and click New registration. Give it a name and click Register.

Copy the client ID

Grab the Application (client) ID from the Overview page.

Add a web platform

In the sidebar go to Authentication, click Add a platform, choose Web, then add https://your-hub-url/api/auth/microsoft/callback as the redirect URI and click Configure.

Create a client secret

Go to Certificates & secrets, click New client secret, fill in a description and expiry, then copy the Value (not the Secret ID, that’s the wrong one).

Add everything to Perch

Paste the Client ID and Secret into the Microsoft card in Perch (Admin → Auth) and enable it.

Tenant ID

By default Perch uses common as the tenant, which lets in any Microsoft account, personal or work. To lock sign-ins to your organization, set the Tenant ID field to your Azure AD tenant ID. You’ll find it on the app’s Overview page.

Domain restriction

Fill in Allowed Domain to limit sign-ins to a specific email domain (like yourcompany.com), even while using common as the tenant.
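
To show what the two settings above decide, here is an added example that is not Perch's own code: a Python check over the claims of an already verified ID token. The function names, the tenant GUIDs and the choice of the email / preferred_username claim are assumptions made for illustration; the consumer tenant ID is the value Microsoft issues for personal accounts.

```python
# Added illustration, not Perch's code. `claims` is assumed to be the payload of
# an ID token whose signature, audience and expiry have already been verified.
CONSUMER_TID = "9188040d-6c67-4c5b-b112-36a304b66dad"  # tid Microsoft issues for personal accounts


def email_domain(claims):
    """Lowercased domain of the address claim, or None if it is not user@domain."""
    # Assumption: which claim Perch reads is not documented on this page.
    addr = claims.get("email") or claims.get("preferred_username") or ""
    local, sep, domain = addr.strip().rpartition("@")
    if not (local and sep and domain):
        return None
    return domain.lower()


def sign_in_allowed(claims, tenant_id="common", allowed_domain=None):
    """Return (allowed, reason) for the Tenant ID / Allowed Domain settings."""
    tid = claims.get("tid", "")
    # v2.0 tokens carry a per-tenant issuer, even when requested through "common".
    if not tid or claims.get("iss") != f"https://login.microsoftonline.com/{tid}/v2.0":
        return False, "issuer does not match tid"
    if tenant_id != "common" and tid.lower() != tenant_id.lower():
        return False, "wrong tenant"
    # Exact match on the part after the last "@", never a substring test.
    if allowed_domain and email_domain(claims) != allowed_domain.lower():
        return False, "domain not allowed"
    return True, "ok"


def make_claims(tid, email):
    """Constructed sample claims; the tenant GUIDs below are made up."""
    return {"tid": tid, "iss": f"https://login.microsoftonline.com/{tid}/v2.0", "email": email}


ORG_TID = "11111111-2222-3333-4444-555555555555"    # constructed
OTHER_TID = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"  # constructed

if __name__ == "__main__":
    cases = [
        ("personal, common", make_claims(CONSUMER_TID, "sam@outlook.com"), {}),
        ("personal, tenant locked", make_claims(CONSUMER_TID, "sam@outlook.com"), {"tenant_id": ORG_TID}),
        ("other tenant, domain only", make_claims(OTHER_TID, "kim@yourcompany.com"), {"allowed_domain": "yourcompany.com"}),
        ("other tenant, tenant locked", make_claims(OTHER_TID, "kim@yourcompany.com"), {"tenant_id": ORG_TID}),
        ("lookalike domain", make_claims(ORG_TID, "kim@yourcompany.com.example.net"), {"allowed_domain": "yourcompany.com"}),
    ]
    for name, claims, settings in cases:
        print(f"{name:28} -> {sign_in_allowed(claims, **settings)}")
```

In this sketch a domain match under common accepts the address from whichever tenant issued the token, while a set Tenant ID ties the sign-in to one directory; the two can be combined.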