Document required OAuth callback URL for Azure subscription connections (#59426)

Copilot · gmondello · sunbrye · web-flow · commit 57a21fb4f8fb · 2026-02-05T15:53:44.000Z
Co-authored-by: copilot-swe-agent[bot] &lt;198982749+Copilot@users.noreply.github.com&gt;
Co-authored-by: gmondello &lt;72952982+gmondello@users.noreply.github.com&gt;
Co-authored-by: Sunbrye Ly &lt;56200261+sunbrye@users.noreply.github.com&gt;
diff --git a/content/admin/data-residency/network-details-for-ghecom.md b/content/admin/data-residency/network-details-for-ghecom.md
@@ -215,6 +215,28 @@ Japan region:
 * `prodjpw01resultssa2.blob.core.windows.net`
 * `prodjpw01resultssa3.blob.core.windows.net`
 
+### OAuth callback URL for connecting an Azure subscription for billing
+
+When you connect or update an Azure subscription for billing, you must allow access to the following URL:
+
+* `https://github.com/enterprises/oauth_callback`
+
+This URL is required during the OAuth authentication flow that occurs when:
+
+* Connecting an Azure subscription to your enterprise for the first time
+* Changing or updating an existing Azure subscription connection
+
+> [!IMPORTANT]
+> * The URL must be allowed with all query parameters, for example `https://github.com/enterprises/oauth_callback?code=...`
+> * After the Azure subscription is successfully connected and the subscription ID is stored, you can remove this URL from your allowlist
+> * To change or update your Azure subscription, you must add the URL back to your allowlist
+
+The OAuth flow works as follows:
+
+1. The user starts the connection process on `SUBDOMAIN.ghe.com`
+1. Azure redirects to `https://github.com/enterprises/oauth_callback` to complete the OAuth flow
+1. The system redirects back to `SUBDOMAIN.ghe.com` to finalize the connection
+
 ## IP ranges for {% data variables.product.prodname_importer_proper_name %}
 
 If you're running a migration to your enterprise with {% data variables.product.prodname_importer_proper_name %}, you may need to add certain ranges to an IP allow list. See [AUTOTITLE](/migrations/using-github-enterprise-importer/migrating-between-github-products/managing-access-for-a-migration-between-github-products#configuring-ip-allow-lists-for-migrations).
