diff --git a/raphtory-graphql/readme.md b/raphtory-graphql/readme.md index d2b82941f6..07851d0895 100644 --- a/raphtory-graphql/readme.md +++ b/raphtory-graphql/readme.md @@ -73,6 +73,21 @@ To enable authentication for the Raphtory-GraphQL server, you need to set up a ` 5. **Set the Authority:** - The `AUTHORITY` is typically in the format `https://login.microsoftonline.com/{TENANT_ID}`. + +6. **Set the redirection URLS** + - Next you need to set the redirection URLs, Go to the Manage > Authentication and add the following, note you can change `http://localhost:1736` to a custom url if it is different + - "http://localhost:1736/" + - "http://localhost:1736/auth/callback" + +7. **Set some permissions** + - Next we need to set some permissions onto the application so we able to use it. + - Go to Manage > Expose an API > Add a scope + - Set Scope NAme, Admin Consent Display name and Admin consent description to "public-scope" without quotes + - Set Who can consent? To Admin and Users, + - Click Add Scope + - Go to Manage > API Permissions. Then remove any existing permissions include the Microsoft Graph default permissions. + - Now the next step, if you just made the scope it may not show up and can take a while, wait 10-20 mins, refresh the page and return if you do not see the app + - Click Add a permission > Under APIs my organization uses > type in the name of your app, and click on the name, you will see it comes up with a "Select permissions" page, select the "public-scope" permission we just made and finally click "Add permissions" on the bottom of the page #### Example .env File diff --git a/raphtory-graphql/src/azure_auth/common.rs b/raphtory-graphql/src/azure_auth/common.rs index 28050797f4..8cc5c67032 100644 --- a/raphtory-graphql/src/azure_auth/common.rs +++ b/raphtory-graphql/src/azure_auth/common.rs 
@@ -57,6 +57,7 @@ pub struct AppState { pub async fn login(data: Data<&AppState>, jar: &CookieJar) -> Redirect { let session_id = uuid::Uuid::new_v4().to_string(); let (pkce_challenge, pkce_verifier) = PkceCodeChallenge::new_random_sha256(); + let client_id_str = env::var("CLIENT_ID").expect("CLIENT_ID not set"); let (authorize_url, csrf_state) = data .oauth_client .authorize_url(CsrfToken::new_random) @@ -65,7 +66,7 @@ pub async fn login(data: Data<&AppState>, jar: &CookieJar) -> Redirect { .add_scope(Scope::new("email".to_string())) .add_scope(Scope::new("offline_access".to_string())) .add_scope(Scope::new( - "a10e734e-cb36-46ca-bbfd-c298e15b6327/public-scope".to_string(), + format!("{}/public-scope", client_id_str).to_string(), )) .url();
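Review bot: The readme hunk (steps 6 and 7) has wording errors that should be fixed before merge: "Set the redirection URLS" should be "URLs", "Scope NAme" should be "Scope Name", "so we able to use it" should be "so we are able to use it", and "Go to the Manage > Authentication" reads better as "Go to Manage > Authentication". Step 7 also never tells the reader what the resulting scope string is; since the code now builds it as `{CLIENT_ID}/public-scope`, add a line in step 7 such as "The scope the server requests is `<CLIENT_ID>/public-scope`, so `CLIENT_ID` in your .env must be the Application (client) ID of this same app registration" so the two halves of the change are documented together. Finally, step 6 should say that the redirect URIs must match exactly (trailing slash included) and that the `http://localhost:1736` entries are for local development only; a deployment behind a real hostname should register its `https://` callback instead.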
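Review bot: In the first `common.rs` hunk, `env::var("CLIENT_ID").expect("CLIENT_ID not set")` runs inside the `login` handler, so a missing variable only surfaces as a panic the first time a user hits the login route rather than at startup. Since `AppState` already carries the configured `oauth_client`, read `CLIENT_ID` once when the state is built and store it there (for example a `client_id: String` field), then use `data.client_id` here; that fails fast at boot and avoids an environment lookup on every request. Also confirm `env` resolves to `std::env` via an existing `use` in this file, as the import is not part of the hunk.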
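Review bot: In the second `common.rs` hunk, `format!("{}/public-scope", client_id_str).to_string()` has a redundant `.to_string()`: `format!` already yields a `String`, so `Scope::new(format!("{}/public-scope", client_id_str))` is sufficient and clippy will flag the current form. Replacing the hard-coded `a10e734e-...` application id with the configured `CLIENT_ID` is the right direction, but it silently assumes the app that exposes `public-scope` is the same registration whose id is in `CLIENT_ID`; a short comment above the `add_scope` call stating that assumption (it matches the readme's step 7 flow) would save the next reader a trip to the Azure portal.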