Hi Dan,
I have a working setup. Here's my config:

    openid-authorization-endpoint: https://login.microsoftonline.com/{tennentid}/oauth2/v2.0/authorize
    openid-jwks-endpoint: https://login.microsoftonline.com/{tennentid}/discovery/v2.0/keys
    openid-issuer: https://login.microsoftonline.com/{tennentid}/v2.0
    openid-client-id: {clientid}
    openid-redirect-uri: https://hostname.publicdomainname.tld
    openid-username-claim-type: email
    openid-groups-claim-type: groups

Make sure you set up groups as a claim (Azure AD > App registrations > {app} > Token configuration) and sAMAccountName as the token property for your claim types.

You should be good to go now!

Best regards,
Marcel