From abe8c0b825cf822f43ea92f02095a04fdbd165b6 Mon Sep 17 00:00:00 2001
From: Krishna Iyer Easwaran
Date: Thu, 5 Oct 2023 17:10:01 +0530
Subject: [PATCH] doc: Document how to skip email verification
---
 .../federated-auth/oidc/microsoft-entra.md | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/doc/content/reference/federated-auth/oidc/microsoft-entra.md b/doc/content/reference/federated-auth/oidc/microsoft-entra.md
index fc3a430fda..a3af9e48ae 100644
--- a/doc/content/reference/federated-auth/oidc/microsoft-entra.md
+++ b/doc/content/reference/federated-auth/oidc/microsoft-entra.md
@@ -16,6 +16,7 @@ This page guides you with the necessary steps to login to {{% tts %}} using your
 3. A {{% tts %}} account with admin rights.
 4. The Things Stack Enterprise command line interface (`tti-lw-cli`).
 5. Choose a Provider ID (ex: `microsoft-entra`). It must be between 3 and 36 characters and can only contain lower-case alphanumeric letters and dashes. Multiple, leading and/or trailing dashes are not allowed.
+6. An Email ID regex that is allowed to login. For example, if you want to only allow users from your domain, the regex would be `.*@example.com`.
 ## Disclaimer
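Review bot: The example pattern in the new item 6, `.*@example.com`, is looser than "only allow users from your domain": the dot before `com` is unescaped and nothing pins the match to the end of the address, so unless the server anchors the expression itself (not visible in this patch) an address such as `user@example.com.other.test` could also qualify. The second hunk describes this field as what skips email verification, so the pattern becomes the only check on the address. I would document an anchored, escaped form such as `^[^@]+@example\.com$` here and use the same value for `OIDC_ALLOWED_EMAIL_REGEX` in the second hunk.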
@@ -52,17 +53,19 @@ Login to {{% tts %}} via the CLI. Register the provider. Set the following values
 ```bash
-OIDC_PROVIDER_ID="provider ID" # Provider ID from above.
-OIDC_PROVIDER_NAME="My OIDC Provider" # Name used to display on the Console.
-OIDC_CLIENT_ID="client123" # Client ID is the Secret ID above.
-OIDC_CLIENT_SECRET="secret123" # Client Secret is the secret Value from above..
-MICROSOFT_TENANT="xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+OIDC_PROVIDER_ID="provider ID" # Provider ID from above.
+OIDC_PROVIDER_NAME="My OIDC Provider" # Name used to display on the Console.
+OIDC_CLIENT_ID="client123" # Client ID is the Secret ID above.
+OIDC_CLIENT_SECRET="secret123" # Client Secret is the secret Value from above..
+OIDC_MICROSOFT_TENANT="xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+OIDC_ALLOWED_EMAIL_REGEX=".*@example.com" # This is a required field to skip email verification.
 ```
 ```bash
 $ tti-lw-cli ap create $OIDC_PROVIDER_ID \
 --name $OIDC_PROVIDER_NAME \
 --allow-registrations true \
+ --allowed-email-regex $OIDC_ALLOWED_EMAIL_REGEX \
 --configuration.provider.oidc.client-id $OIDC_CLIENT_ID \
 --configuration.provider.oidc.client-secret $OIDC_CLIENT_SECRET \
 --configuration.provider.oidc.provider-url https://login.microsoftonline.com/$MICROSOFT_TENANT/v2.0
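Review bot: The tenant variable is renamed to `OIDC_MICROSOFT_TENANT` in the first code block, but the unchanged `--configuration.provider.oidc.provider-url` line at the end of the hunk still expands `$MICROSOFT_TENANT`, so a reader who copies both blocks gets an empty tenant segment in the provider URL; it should read `https://login.microsoftonline.com/$OIDC_MICROSOFT_TENANT/v2.0`. The expansions in the command are also unquoted: the sample `OIDC_PROVIDER_NAME` contains spaces and would be split into several arguments, and the new regex value contains `*`, which the shell may glob-expand, so `--name "$OIDC_PROVIDER_NAME"` and `--allowed-email-regex "$OIDC_ALLOWED_EMAIL_REGEX"` are safer. The command may continue past the last line of the hunk.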