I wrote a bit about "low change" integration of Entra External ID as login for a #Sitecore website a while back - but further project discussion lead to trying Ping Identity as well. They offer a different model - where you don't need all the redirects:

https://blog.jermdavis.dev/posts/2024/integrating-ping