doc: Document how to skip email verification

TheThingsIndustries · Oct 5, 2023 · abe8c0b · abe8c0b
1 parent ea69489
commit abe8c0b
Showing 1 changed file with 8 additions and 5 deletions.
diff --git a/doc/content/reference/federated-auth/oidc/microsoft-entra.md b/doc/content/reference/federated-auth/oidc/microsoft-entra.md
@@ -16,6 +16,7 @@ This page guides you with the necessary steps to login to {{% tts %}} using your
 3. A {{% tts %}} account with admin rights.
 4. The Things Stack Enterprise command line interface (`tti-lw-cli`).
 5. Choose a Provider ID (ex: `microsoft-entra`). It must be between 3 and 36 characters and can only contain lower-case alphanumeric letters and dashes. Multiple, leading and/or trailing dashes are not allowed.
+6. An Email ID regex that is allowed to login. For example, if you want to only allow users from your domain, the regex would be `.*@example.com`.
 
 ## Disclaimer
 
@@ -52,17 +53,19 @@ Login to {{% tts %}} via the CLI.
 Register the provider. Set the following values
 
 ```bash
-OIDC_PROVIDER_ID="provider ID"                          # Provider ID from above.
-OIDC_PROVIDER_NAME="My OIDC Provider"                   # Name used to display on the Console.
-OIDC_CLIENT_ID="client123"                              # Client ID is the Secret ID above.
-OIDC_CLIENT_SECRET="secret123"                          # Client Secret is the secret Value from above..
-MICROSOFT_TENANT="xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+OIDC_PROVIDER_ID="provider ID"                              # Provider ID from above.
+OIDC_PROVIDER_NAME="My OIDC Provider"                       # Name used to display on the Console.
+OIDC_CLIENT_ID="client123"                                  # Client ID is the Secret ID above.
+OIDC_CLIENT_SECRET="secret123"                              # Client Secret is the secret Value from above..
+OIDC_MICROSOFT_TENANT="xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+OIDC_ALLOWED_EMAIL_REGEX=".*@example.com"                   # This is a required field to skip email verification.
 ```
 
 ```bash
 $ tti-lw-cli ap create $OIDC_PROVIDER_ID \
     --name $OIDC_PROVIDER_NAME \
     --allow-registrations true \
+    --allowed-email-regex  $OIDC_ALLOWED_EMAIL_REGEX \
     --configuration.provider.oidc.client-id $OIDC_CLIENT_ID \
     --configuration.provider.oidc.client-secret $OIDC_CLIENT_SECRET \
     --configuration.provider.oidc.provider-url https://login.microsoftonline.com/$MICROSOFT_TENANT/v2.0