How to use oidc with icingaweb2

There seems to be a way to use Open ID Connect (OIDC) with icingaweb2 …
i’m very interested in this to allow all my users to login to view the current state of things.
2FA for Icinga Web 2 - #22 by valentijnscholten hints it’s possible, GitHub - zmartzone/mod_auth_openidc: OpenID Certified™ OpenID Connect Relying Party implementation for Apache HTTP Server 2.x explains how to configure the module for different cases (azureAD in my case). Now how to configure icingaweb2 to actually use that?
Can someone provide an example? Also seems to be something that should get added to the docs once figured out :slight_smile:

From what I see the mod sets the REMOTE_USER, so it would be as simple as configuring Apache HTTPd to use the module and then in Icinga Web 2 configure an external authentication. Authentication - Icinga Web 2

Based on how the user is set or what your options with mod_auth_openidc are, Icinga Web 2’s option strip_username_regexp can be useful to get nice usernames.

For permissions you still need to configure roles and this would be still better matched to a group from LDAP than manually managed in Icinga Web 2.