> For the complete documentation index, see [llms.txt](https://docs.devolutions.net/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.devolutions.net/server/web-interface/administration/configuration/server-settings/general/authentication/microsoft-authentication-with-devolutions-server.md).
# Microsoft authentication with Devolutions Server
{% hint style="info" %}
Microsoft Entra ID subscription is required to configure Office365 authentication in Devolutions Server. One new app registration is required in Microsoft Entra ID before completing the authentication settings. For more information about the app registrations, see [Azure portal configuration guide for Microsoft Authentication](https://docs.devolutions.net/server/kb/how-to-articles/azure-portal-configuration-guide-microsoft-authentication/).
{% endhint %}
The ***Microsoft Authentication*** tab allows Devolutions Server to authenticate users using Office365 authentication. The ***Display name***, ***Tenant ID***, ***Client ID*** and ***Secret value*** fields are mandatory.
### Parameters
| OPTION | DESCRIPTION |
| ------------------------------------------------------------------------------------------------------------------------------------------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **Display name** | The name displayed for this configuration. |
| [**Authentication mode**](https://docs.devolutions.net/server/web-interface/administration/configuration/server-settings/general/authentication/office-365/) | Sets the permission model used by Devolutions Server to authenticate against Microsoft Entra ID.
- Application permissions (recommended default): Devolutions Server authenticates as the app itself using client credentials.
- Delegated permissions: Devolutions Server impersonates a service account user to make Microsoft Graph calls.
|
| **Tenant ID** | The TenantID is the Directory ID of the Entra ID. |
| **Client ID** | Application ID of the Entra ID application. |
| **Use specific client ID for users and user groups cache** | Only use this if the secret is in another Azure application. |
| **Secret value** | Secret generated in Azure. |
| **Type of user interaction on login** | - Automatic: Choose the most appropriate method for the context.
- Select account: Always display account selection.
- None: Silent connection only, the user must be connected through another application of the provider.
- Login: Forces the user to the provider every time.
|
| **Test connection** | Test the connection given the current parameters. |
### Automatic user creation
| OPTION | DESCRIPTION |
| ------------------------------ | ---------------------------------------------------------------------------------------------------------------------------- |
| **Auto create on first login** | Creates a user with the first login. |
| **Only from this group** | Only users from this group will be created on first login (only available when ***Auto create on first login*** is enabled). |
---
# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.
## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://docs.devolutions.net/server/web-interface/administration/configuration/server-settings/general/authentication/microsoft-authentication-with-devolutions-server.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.