Microsoft AD Sign In must be implemented by Commerce Vision. For 4.30+


Single sign-in using Microsoft Azure Active Directory allows your Website Users to authenticate and sign in with their Microsoft credentials. Access can be restricted, forced or granted by email address domain name.

Customer Experience

On the login page/popup, along with the userid/password method, sign in with Microsoft is available. 


When the user selects this method, the system checks your site's settings to see if they can log in this way:

Restricted: If there is a restriction, they will be redirected to use the userid/password method.

Available: If there are no restrictions, the user can enter their Microsoft sign in details and have to approve it. If they're already signed into their Microsoft account, they will be logged in without having to approve it,  

For administrators

On this page:

Additional Information

Minimum Version Requirements



Azure AD 

Self Configurable


Business Function

Third party login



Third Party Costs


Step-by-step guide

This guides you through the configurations for Microsoft Azure Sign-In for your site.

Before You Begin...

Have at hand the Application (Client) ID and Directory (Tenant) ID (if these have not been entered).

Configure Microsoft Sign-in

  1. In the CMS, go to Settings → Settings → Feature Management → User → Third Party Logins

  2. Click Configure.

  3. Scroll down to the Microsoft section. 

  4. To enable this feature on your site, toggle ON Enabled

  5. In Application (Client) ID, enter the application ID key, if it's not already there.
  6. In Directory (Tenant) ID -For Single Tenant Use Only, enter the key if your application is for 'Single Tenant' (single directory), otherwise leave empty.  

  7. The Invalid User Message appears when the Microsoft User account cannot be linked to a registered User. If needed, change the message to suit. 

  8. The Declined Consent Message displays if the User cancels before completing the authentication. They will be returned to the login page. If needed, change the message to suit.

  9. To specify domain-based rules, toggle ON Enable Domain Restrictions.

  10. To force users from specific domains to use Microsoft Sign In, enter each domain, then press Enter or Tab.

  11. To allow only certain domains to use Microsoft sign in, in Allowed Microsoft Sign In Domains, enter each domain, then press Enter or Tab.

  12. In Microsoft Sign In Not Allowed Message, edit the message displayed to the user when they are not permitted to use Microsoft Sign In.

  13. In Username/password Login Not Allowed Message, edit the message displayed to the user when they must use Microsoft Sign In.

  14. To save your settings, click Save or Save & Exit.

  15. Reset the dictionary to ensure changes are made live. 

  16. IMPORTANT - If using Microsoft Start App, restart the application.

  17. Check Microsoft sign-in is now available on your website.

Edit Login Widgets

Edit relevant details shown to the user on:

Go to ContentContentPages & TemplatesAccountsLogin Page  OR  Login Logout Modal Page

Edit User Messages

To edit messages displayed to the user:

  1. Go to ContentContentResources.

  2. Find the resource you want to edit. TIP - Enter 'thirdpartylogin' in Search. 

    List of messages resources used:

    1. rcThirdPartyLoginLinkingInfoMessage
    2. rcThirdPartyLoginMicrosoftDeclinedConsentMessage
    3. rcThirdPartyLoginMicrosoftInvalidUserMessage
    4. rcThirdPartyLoginMicrosoftSignInNotAllowedMessage

    5. rcThirdPartyLoginMicrosoftUserPassLoginNotAllowedMessage

    6. rcThirdPartyLoginRegistrationEmailAddressErrorMessage
    7. rcThirdPartyLoginRegistrationEmailAddressInfoMessage
    8. rcThirdPartyLoginRegistrationEmailAddressInvalidErrorMessage

Related Resources

There is no content with the specified labels