From 63d3cf93fe1e6cc56c839b8ed91e47a2eb425deb Mon Sep 17 00:00:00 2001 From: Vardan Torosyan Date: Thu, 12 Dec 2024 15:17:46 +0100 Subject: [PATCH] Docs: Clarify when force_use_graph_api is required for Azure (#97844) --- .../configure-authentication/azuread/index.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/sources/setup-grafana/configure-security/configure-authentication/azuread/index.md b/docs/sources/setup-grafana/configure-security/configure-authentication/azuread/index.md index 4c4d8d6e81e..d839ec7df4a 100644 --- a/docs/sources/setup-grafana/configure-security/configure-authentication/azuread/index.md +++ b/docs/sources/setup-grafana/configure-security/configure-authentication/azuread/index.md @@ -380,6 +380,8 @@ Entra ID does not emit the groups claim in the token and emits a group overage c If Grafana receives a token with a group overage claim instead of a groups claim, Grafana attempts to retrieve the user's group membership by calling the included endpoint. +To ensure this functionality works correctly, you must enable [`force_use_graph_api`]({{< relref "./#force-fetching-groups-from-microsoft-graph-api" >}}) in your configuration. + {{% admonition type="note" %}} The 'App registration' must include the `GroupMember.Read.All` API permission for group overage claim calls to succeed.
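Review bot: In the added sentence after the "calling the included endpoint" paragraph, "this functionality" has no clear referent, and the unconditional "you must enable" sits oddly beside the preceding context line, which reads as if Grafana already makes the call on its own whenever it receives a group overage claim. The commit subject promises to clarify when `force_use_graph_api` is required, so the sentence should name that case directly, for example "If users can hit the group overage case, enable `force_use_graph_api` so that ...", and say what happens to the user's group membership when the option is left off. Readers who rely on groups from the token need to know whether a missing setting leaves them with no group data. It is also worth confirming that the relref target `#force-fetching-groups-from-microsoft-graph-api` resolves to a heading in this page, since that heading is not visible in the hunk.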