diff --git a/src/pages/selfhosted/identity-providers.mdx b/src/pages/selfhosted/identity-providers.mdx
index fb5a83ac..a354d5f7 100644
--- a/src/pages/selfhosted/identity-providers.mdx
+++ b/src/pages/selfhosted/identity-providers.mdx
@@ -566,7 +566,7 @@ You've configured all required resources in Authentik. You can now continue with
## Managed IDPs
-### Azure AD
+### Azure AD (Microsoft Entra ID)
This guide is a part of the [NetBird Self-hosting Guide](/selfhosted/selfhosted-guide) and explains how to integrate **self-hosted** NetBird with [Azure AD](https://azure.microsoft.com/en-us/products/active-directory/).
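Review bot: The heading now reads `Azure AD (Microsoft Entra ID)`, but the paragraph right below it still links to `https://azure.microsoft.com/en-us/products/active-directory/` and refers only to "Azure AD". Consider updating the link text and target in the same change so the section is consistent. Renaming the heading also changes its generated anchor, so any existing links to the old heading should be checked.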
@@ -639,7 +639,8 @@ In this step, we will create and configure NetBird application in azure AD.
#### Step 4. Add API permissions
-- Add `Netbird` permissions
+Add `Netbird` permissions
+
- Click `API permissions` on the left menu
- Click `Add a permission`
- Click `My APIs` tab, and select `Netbird`. Next check `api` permission checkbox and click `Add permissions`.
@@ -648,7 +649,8 @@ In this step, we will create and configure NetBird application in azure AD.
-- Add `Delagated permissions` to Microsoft Graph
+Add `Delegated permissions` to Microsoft Graph
+
- Click `Add a permission`
- Click `Microsoft Graph` and then click `Application permissions` tab
- In `Select permissions` search for `User.Read` and under the `User` section select `User.Read.All` and click `Add permissions`
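Review bot: The new lead-in says to add `Delegated permissions` to Microsoft Graph, but the steps that follow tell the reader to click the `Application permissions` tab and select `User.Read.All`. Delegated and application permissions are different grant types, so the lead-in should name the one the steps actually configure. Since `User.Read.All` as an application permission lets the app read every user's profile without a signed-in user, a short sentence on why that scope is needed would help readers who review the consent.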
@@ -658,7 +660,7 @@ In this step, we will create and configure NetBird application in azure AD.
-- Click `Grant admin conset for Default Directory` and click `Yes`
+- Click `Grant admin consent for Default Directory` and click `Yes`
@@ -680,9 +682,12 @@ In this step, we will create and configure NetBird application in azure AD.
+- Click `Overview` on left menu and take note of `Application (client) ID`, `Object ID` and `Directory (tenant) ID`
+will be required in next step.
+
Your authority OIDC configuration will be available under:
```bash
-https://login.microsoftonline.com//v2.0/.well-known/openid-configuration
+https://login.microsoftonline.com//v2.0/.well-known/openid-configuration
```
Double-check if the endpoint returns a JSON response by calling it from your browser.
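Review bot: The added bullet is split across two lines, and the second line, "will be required in next step.", has no subject. Suggest a single line such as "... and `Directory (tenant) ID`; these will be required in the next step." Also, the URL on both the removed and added lines shows an empty path segment after `login.microsoftonline.com/`. Please confirm the tenant ID placeholder renders, and say explicitly that it is the `Directory (tenant) ID` noted in this bullet.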
@@ -691,21 +696,22 @@ https://login.microsoftonline.com//v2.0/.well-known/openid-configurat
- Set properties in the `setup.env` file:
```shell
NETBIRD_DOMAIN=""
-NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT="https://login.microsoftonline.com//v2.0/.well-known/openid-configuration"
+NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT="https://login.microsoftonline.com//v2.0/.well-known/openid-configuration"
NETBIRD_USE_AUTH0=false
-NETBIRD_AUTH_CLIENT_ID=""
-NETBIRD_AUTH_SUPPORTED_SCOPES="openid profile email offline_access api:///api"
-NETBIRD_AUTH_AUDIENCE=""
+NETBIRD_AUTH_CLIENT_ID=""
+NETBIRD_AUTH_SUPPORTED_SCOPES="openid profile email offline_access User.Read api:///api"
+NETBIRD_AUTH_AUDIENCE=""
NETBIRD_AUTH_REDIRECT_URI="/auth"
NETBIRD_AUTH_SILENT_REDIRECT_URI="/silent-auth"
NETBIRD_AUTH_USER_ID_CLAIM="oid"
+NETBIRD_TOKEN_SOURCE="idToken"
NETBIRD_AUTH_DEVICE_AUTH_PROVIDER="none"
NETBIRD_MGMT_IDP="azure"
-NETBIRD_IDP_MGMT_CLIENT_ID=""
+NETBIRD_IDP_MGMT_CLIENT_ID=""
NETBIRD_IDP_MGMT_CLIENT_SECRET=""
-NETBIRD_IDP_MGMT_EXTRA_OBJECT_ID=""
+NETBIRD_IDP_MGMT_EXTRA_OBJECT_ID="
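Review bot: `NETBIRD_TOKEN_SOURCE="idToken"` is added with no accompanying explanation, so readers cannot tell why the ID token is selected as the token source for this provider or what breaks without it. A one-line note under the block would help. The same applies to the `User.Read` scope newly added to `NETBIRD_AUTH_SUPPORTED_SCOPES`. The values for `NETBIRD_AUTH_CLIENT_ID`, `NETBIRD_AUTH_AUDIENCE`, `NETBIRD_IDP_MGMT_CLIENT_ID` and `NETBIRD_IDP_MGMT_EXTRA_OBJECT_ID` appear empty here; each should state which of the IDs noted from `Overview` it expects. Because `NETBIRD_IDP_MGMT_CLIENT_SECRET` lives in the same `setup.env`, a reminder to restrict that file's permissions and keep it out of version control would fit here.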