We’re trying to do the same thing and would like to know how to achieve this.
When trying to set up the OIDC connection using Microsoft’s common URL, it fails because their issuer URL has {tenantid} in it, which fails to be classified as a proper URL.
From their documentation page ("OpenID Connect (OIDC) on the Microsoft identity platform - Microsoft Entra | Microsoft Learn") you can surmise their global openid-configuration URL is:
https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration
Just like Orbat, we don’t want to restrict to a particular organisation; we just want anybody with an MS account to sign in. Any advice?
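The issuer problem described in the post above, as an added example (not part of the original post and not code from the product being configured): a strict URL check rejects the templated issuer, while a relying party that accepts any tenant can fill the {tenantid} placeholder from the token itself and compare exactly. It assumes the ID token carries the tenant ID in a `tid` claim and that its signature has already been verified; the function names and sample tenant IDs are made up for illustration.

```python
import re

# Issuer as the post describes it in the "common" discovery document.
TEMPLATE_ISSUER = "https://login.microsoftonline.com/{tenantid}/v2.0"

# Characters RFC 3986 allows in a URI; "{" and "}" are not among them.
URI_CHARS = re.compile(r"^[A-Za-z0-9\-._~:/?#\[\]@!$&'()*+,;=%]+$")
GUID = re.compile(r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$")


def passes_strict_url_check(value):
    """Mimic a strict issuer-URL validator (hypothetical, for illustration)."""
    return value.startswith("https://") and bool(URI_CHARS.match(value))


def issuer_is_valid(claims, template=TEMPLATE_ISSUER, allowed_tenants=None):
    """Check `iss` against the template using the token's own `tid` claim.

    `claims` must come from an ID token whose signature was already verified.
    allowed_tenants=None accepts any tenant; pass a set of IDs to restrict.
    """
    tid = str(claims.get("tid", "")).lower()
    if not GUID.match(tid):  # never substitute an unvalidated value
        return False
    if allowed_tenants is not None and tid not in allowed_tenants:
        return False
    return claims.get("iss") == template.replace("{tenantid}", tid)


# Constructed sample claims (tenant IDs are made up).
TENANT_A = "11111111-2222-3333-4444-555555555555"
GOOD = {"iss": f"https://login.microsoftonline.com/{TENANT_A}/v2.0", "tid": TENANT_A}
MISMATCH = {"iss": GOOD["iss"], "tid": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"}
BAD_TID = {"iss": "https://login.microsoftonline.com/x/v2.0", "tid": "x"}

if __name__ == "__main__":
    print("template passes strict URL check:", passes_strict_url_check(TEMPLATE_ISSUER))
    for name, claims in (("good", GOOD), ("mismatch", MISMATCH), ("bad tid", BAD_TID)):
        print(name, "->", issuer_is_valid(claims))
```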