Summary
While configuring Entra SSO I noticed that the documentation (https://docs.defguard.net/2.0/features/external-openid-providers/microsoft) does not mention a second necessary callback url.
Steps to reproduce
Enroll new user with Entra SSO, that works with the 'default' call back url.
But when trying to log in to the Entra SSO you need this second callback url:
https://domain.tld/openid/mfa/callback
Expected behavior
Seamless SSO login
Actual behavior
Defguard version
2.0 beta 1
Environment details
Debian 13
Deployment / install method
Docker / Docker Compose
Relevant logs / output
Relevant configuration (redacted)
Summary
While configuring Entra SSO I noticed that the documentation (https://docs.defguard.net/2.0/features/external-openid-providers/microsoft) does not mention a second necessary callback url.
Steps to reproduce
Enroll new user with Entra SSO, that works with the 'default' call back url.
But when trying to log in to the Entra SSO you need this second callback url:
https://domain.tld/openid/mfa/callback
Expected behavior
Seamless SSO login
Actual behavior
Defguard version
2.0 beta 1
Environment details
Debian 13
Deployment / install method
Docker / Docker Compose
Relevant logs / output
Relevant configuration (redacted)