Add callout for group role claims in azureAD (#2040)

* add callout for groups claim type client secret required

* Update azure-ad-authentication.mdx

---------

Co-authored-by: Steve Fenton <[email protected]>

src/pages/docs/security/authentication/azure-ad-authentication.mdx

@@ -1,7 +1,7 @@
 ---
 layout: src/layouts/Default.astro
 pubDate: 2023-01-01
-modDate: 2023-01-01
+modDate: 2023-10-13
 title: Azure Active Directory authentication
 description: Octopus Deploy can use Azure AD authentication to identify users.
 navOrder: 10
@@ -204,6 +204,10 @@ In the Azure portal, navigate to the **Certificates & secrets** page and click *
 Support for OAuth code flow with PKCE was introduced in **Octopus 2022.2.4498**. If you are using a version older than this, the **Client secret** setting is not required.
 :::
 
+:::div{.hint}
+If using Azure AD to synchronize external groups with the 'group' role claim type and the user is a member of more than 200 Azure groups, the client secret field is required.
+:::
+
 To configure Octopus to use Azure AD authentication you'll need:
 
 - The **Client ID**, which should be a GUID. This is the **Application (client) ID** in the Azure App Registration Portal.