Microsoft auth with specific tenant

Is there a way to configure a tenant-specific endpoint when using the Microsoft auth provider? I want to limit the api access to only my tenant, which requires me to use
instead of
Sign in to your account

If that’s not possible, where is the file that has this endpoint specified so I can extend it for my case?

I believe in this case you will need to use extensions to tweak the api address used with the Grant/Purest. And here Grant must have something statically defined:

1 Like

Had same issue, found an older solution for v3 that I implemented like this in v4 : src/index.js with the bootstrap method.

async bootstrap(/*{ strapi }*/) {

    const pluginStore ={ type: 'plugin', name: 'users-permissions' })

    // Get actual grant config
    const prevGrantConfig = (await pluginStore.get({ key: 'grant' })) || {}

    // Setup Microsoft grant config
    const endpoint = process.env.MICROSOFT_AUTH_TENANT_ID || 'common'

    const microsoftGrantConfig = {
      authorize_url: `${endpoint}/oauth2/v2.0/authorize`,
      access_url: `${endpoint}/oauth2/v2.0/token`

    // Merge previous config and overwrite with our custom Microsoft grant config
    const newGrantConfig = {
      microsoft: {,

    // Overwrite grant Config
    await pluginStore.set({key: 'grant', value: newGrantConfig})

Source : Microsoft provider doesn’t work · Issue #3248 · strapi/strapi (

Hi @NateR42,

As you were part of this thread I would like to ask you something.
Do you have any clue how I can solve this issue?