mirrors/headscale
1
0
Fork 0
mirror of https://github.com/juanfont/headscale.git synced 2025-11-17 16:31:16 +01:00
Code Issues Packages Projects Releases Wiki Activity

Update OIDC documentation for allowed groups filter

Browse Source 
Clarify configuration for allowed groups filter with Microsoft Entra ID.
This commit is contained in:
Acha 2025-11-15 03:45:20 -08:00 committed by nblock
parent 21af106f68
commit e0c9e18e22
1 changed files with 9 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
docs/ref/oidc.md
View File

@ -305,5 +305,13 @@ Entra ID is: `https://login.microsoftonline.com/<tenant-UUID>/v2.0`. The followi
- `domain_hint: example.com` to use your own domain
- `prompt: select_account` to force an account picker during login
Groups for the [allowed groups filter](#authorize-users-with-filters) need to be specified with their group ID instead
When using Microsoft Entra ID together with the [allowed groups filter](#authorize-users-with-filters), configure the
Headscale OIDC scope without the `groups` claim, for example:
```yaml
oidc:
scope: ["openid", "profile", "email"]
```
Groups for the [allowed groups filter](#authorize-users-with-filters) need to be specified with their group ID(UUID) instead
of the group name.