Your comments

Hey Jas, no unfortuntely not. It's not currently possible. I ended up configuring SAML instead, which was a fair bit more verbose than OAuth. ConnectWise support acknowledged this, but didn't make any promises to implement support via OAuth. The only sugegstion they made was to raise a feature request here, which I couldn't be bothered raising at the time:

Yeah this is a show stopper for us. I'm actually surprised I can't find any official documentation for integrating with Azure using OAuth given I'd imagine this would be one of, if not the, most popular SSO endpoints.

It looks like what they need to do is allow the user to specify which data object (userinfo endpoint, id token, access token) the desired OAuth key/attribute lives in. Also, Azure returns the roles as a JSON array as opposed to a comma seperated list, so ConnectWise Control needs to handle JSON arrays correctly (if it doesn't already).

Something like this for example: