...
Login to the Cockpit and click the "Identity Provider" menu item. The OpenID Connect configuration page will open.
Fill in a connection name of your choice. This name will appear on your users' login button. (e.g. "Microsoft Entra ID")
Leave the "Automatically discover endpoints" option enabled and enter as Issuer the following URL: https://login.microsoftonline.com/{tenantId}/v2.0
The tenant ID must be substituted with the value found on the Microsoft Entra ID application registration overview as Directory (tenant) ID:
Please note: Depending on your configuration, you might have to use the older API version. If login doesn't work with your setup, try to remove /v2.0 from the issuer URL:
https://login.microsoftonline.com/{tenantId}Fill in the client ID that you can also find in the application registration overview as Application (client) ID
Fill in the client secret from the value you previously generated under "Certificates & Secrets"
Fill the Scope field with the following values: openid email profile
At this point, the form should be complete, and the connection should be saved by clicking "Save."
If you want to automatically map Microsoft Entra ID groups to piplanning app teams, you need to add a “groups“ value to the Groups Claim field. For a Group claim to work correctly, you need to use v2.0 at the end of the Issuer string. Older versions are not supported. (Example: https://login.microsoftonline.com/<id>/v2.0)
The login screen will now add the option to log in with Microsoft Entra ID.
...