...
The following are tips for clients on how to configure an Azure AD instance. This is just an experience report. Azure AD itself always remains part of the client's infrastructure, and we do not configure anything in it.
Azure AD Configuration:
Step 1: Create an App registration in Azure AD (tab App Registrations)
Step 2: Configure Supported Account types
The value should be “Only Account from this AD” (single tenant)
Also see https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-convert-app-to-be-multi-tenant
Step 3: Add a redirect URI to the App Registration
The redirect URI is the following, with <our-okta-domain> replaced by our Okta domain: https://<our-okta-domain>/oauth2/v1/authorize/callback
For Production: https://access.questback.com/oauth2/v1/authorize/callback
Step 4: Add the “User.Read” permission to that App Registration
The value will be https://graph.microsoft.com/User.Read
Step 5: Add optional claims to the manifest of the App Registration created in Azure AD.
The family_name and given_name claims have to be sent in the ID token.
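As an added check (not part of the original notes), the script below validates an exported app-registration manifest against steps 2, 3 and 5: single-tenant sign-in audience, the Okta callback registered as the only Web redirect URI, and both optional claims requested on the ID token. The embedded manifest is constructed for the example, the Okta domain is the placeholder from above, and the "no extra reply URLs" check is an addition beyond the steps; step 4 (the User.Read API permission) is not checked here.

```python
"""Check an Azure AD app-registration manifest (as downloaded from the
portal's Manifest blade) against the Okta federation steps above."""
import json

OKTA_CALLBACK = "https://<our-okta-domain>/oauth2/v1/authorize/callback"
REQUIRED_ID_TOKEN_CLAIMS = {"family_name", "given_name"}

# Constructed sample manifest; only the keys the checks below read are present.
SAMPLE_MANIFEST = json.dumps({
    "signInAudience": "AzureADMyOrg",
    "replyUrlsWithType": [
        {"url": OKTA_CALLBACK, "type": "Web"},
    ],
    "optionalClaims": {
        "idToken": [
            {"name": "family_name", "source": None, "essential": False, "additionalProperties": []},
            {"name": "given_name", "source": None, "essential": False, "additionalProperties": []},
        ],
        "accessToken": [],
        "saml2Token": [],
    },
})


def check_manifest(manifest_json: str, callback: str = OKTA_CALLBACK) -> list:
    """Return a list of findings; an empty list means the manifest matches the steps."""
    m = json.loads(manifest_json)
    findings = []
    # Step 2: single tenant. "AzureADMyOrg" is the manifest value behind the
    # "accounts in this organizational directory only" option.
    if m.get("signInAudience") != "AzureADMyOrg":
        findings.append(f"signInAudience is {m.get('signInAudience')!r}, expected 'AzureADMyOrg'")
    # Step 3: the Okta callback must be registered as a Web redirect URI (exact match),
    # and nothing else should be, since every reply URL is a valid code destination.
    urls = {r.get("url") for r in m.get("replyUrlsWithType", []) if r.get("type") == "Web"}
    if callback not in urls:
        findings.append(f"redirect URI {callback} not registered as a Web reply URL")
    for extra in sorted(urls - {callback}):
        findings.append(f"unexpected extra reply URL: {extra}")
    # Step 5: given_name and family_name requested as optional claims on the ID token.
    claims = {c.get("name") for c in m.get("optionalClaims", {}).get("idToken", [])}
    for missing in sorted(REQUIRED_ID_TOKEN_CLAIMS - claims):
        findings.append(f"optional claim {missing} missing from optionalClaims.idToken")
    return findings


if __name__ == "__main__":
    print(check_manifest(SAMPLE_MANIFEST) or "manifest matches all checked steps")
```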
...