How to Access Tenant ID in Microsoft IDP Schema Attributes

We have enabled multi-organization support in Microsoft app registration. Once a user is authenticated, we can fetch the “tid” (tenant ID) as part of the ID claims. However, this tenant ID is not included in the schema attributes for the Microsoft IDP provided by Okta, whereas Google includes Organization and Domain as part of its IDP schema attributes.

Is there a way for us to access the tenant ID for the Microsoft IDP as part of the schema attributes?

Hi Chaitanya,

Thank you for writing to Okta Devforum. My name is Akash, from Okta.

With regards to your query, I would like to get some additional context on the same. Could you please elaborate more on the Microsoft IDP that you are currently using along with the documentation that you are currently referring to?

This will help me understand them better and get you the right resources or insights.

Hi Akash,

I’m reaching out regarding the Microsoft Social Identity Provider (IDP) integration with Okta. I’ve noticed that certain attributes included in the identity token from Microsoft IDP, such as “tid” (tenant ID), are not listed in the schema attributes available in Okta.
Could you please clarify why some attributes are missing and if there’s a way to handle this in our integration?
References:
Okta Help Center (Lightning)
Active Directory attribute mappings to Okta properties | Okta
Thanks,
Chaitanya

The Microsoft Social Identity Provider does not use Tenant IDs. If you want to set up an IdP connection to Microsoft that is specific to your tenant, you would want to set it up manually as a OpenID Connect Identity Provider, as in this guide: Enterprise Identity Provider - Azure AD | Okta Developer. In this guide, you’ll see that you need to configure the endpoints that Okta will use to communicate with Microsoft, and that these endpoints must contain the tenant ID.