Mirrors/headscale
1
0
Fork 0
mirror of https://github.com/juanfont/headscale.git synced 2026-01-23 10:25:47 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 7

Update OIDC documentation for allowed groups filter
Some checks failed
Build / build-nix (push) Has been cancelled
Details
Build / build-cross (GOARCH=amd64 GOOS=darwin) (push) Has been cancelled
Details
Build / build-cross (GOARCH=amd64 GOOS=linux) (push) Has been cancelled
Details
Build / build-cross (GOARCH=arm64 GOOS=darwin) (push) Has been cancelled
Details
Build / build-cross (GOARCH=arm64 GOOS=linux) (push) Has been cancelled
Details
Check Generated Files / check-generated (push) Has been cancelled
Details
Deploy docs / deploy (push) Has been cancelled
Details
NixOS Module Tests / nix-module-check (push) Has been cancelled
Details
Tests / test (push) Has been cancelled
Details

Browse source 
Clarify configuration for allowed groups filter with Microsoft Entra ID.
This commit is contained in:
Acha 2025-11-15 03:45:20 -08:00 committed by nblock
parent 21af106f68
commit e0c9e18e22
1 changed files with 9 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

10
docs/ref/oidc.md
View file

@ -305,5 +305,13 @@ Entra ID is: `https://login.microsoftonline.com/<tenant-UUID>/v2.0`. The followi
- `domain_hint: example.com` to use your own domain
- `prompt: select_account` to force an account picker during login
Groups for the [allowed groups filter](#authorize-users-with-filters) need to be specified with their group ID instead
When using Microsoft Entra ID together with the [allowed groups filter](#authorize-users-with-filters), configure the
Headscale OIDC scope without the `groups` claim, for example:
```yaml
oidc:
scope: ["openid", "profile", "email"]
```
Groups for the [allowed groups filter](#authorize-users-with-filters) need to be specified with their group ID(UUID) instead
of the group name.