New Registration
Ona
Web
https://app.gitpod.io/auth/oidc/callback
email
openid
profile
email
claim is part of the standard OIDC specification, depending on the setup, Microsoft Entra ID does not include it by default in ID tokens. Under Manage, select Token configuration and fix this:
email
scopeNote: Validate the Issuer URL by checking the OIDC Discovery location. In some configurations, the Issuer URL needs to be adjusted.
https://login.microsoftonline.com/{tenant}/v2.0
, the OIDC Discovery location is https://login.microsoftonline.com/{tenant}/v2.0/.well-known/openid-configuration
. Open this URL in your browser and check the issuer
field.
issuer
field in the OIDC Discovery output and ensure this matches the Authority URL (Issuer URL).
If not, e.g. if it reads like https://sts.windows.net/{tenant}
, please try again with{authority_url}/v2.0/.well-known/openid-configuration
and use {authority_url}/v2.0
as Issuer URL in Ona’s SSO setup.