DOCS-16664

[SERVER] Add documentation page for OIDC authentication with internal authorization

    • Type: Task
    • Resolution: Unresolved
    • Priority: Minor - P4
    • Affects Version/s: None
    • Component/s: manual, Server
    • Labels: None

      PM-3385 added support for OIDC internal authorization. DOCS-16489 and DOCS-16487 covered the documentation work needed to explain the new fields added to the OIDC configuration in order to configure machine flow IdPs or OIDC internal authorization.

      We would also like to have a dedicated documentation page detailing how a customer can set up OIDC authentication with internal authorization. The page should highlight the following steps:

      1. Include MONGODB-OIDC in the authenticationMechanisms server parameter at startup.
      2. Configure the oidcIdentityProviders server parameter at startup to contain all IdP configurations. If any one of these is intended for internal authorization, make sure that it has the useAuthorizationClaim field set to false and does NOT include the authorizationClaim field.
      3. Once the server has been started, for each expected user belonging to an identity provider that will use internal authorization, run the createUser command. The user should be on the $external database and be named in the format {authNamePrefix}/{principalNameClaimValue}, so that it can be correlated with tokens for that user. Include the expected MongoDB roles that each of these users should have in the createUser invocation.
      4. Clients should now be able to authenticate using MONGODB-OIDC by presenting access tokens. If the issuer of the token corresponds to an IdP registration that has useAuthorizationClaim: false and the server finds a user on $external corresponding to the token's principal, the client authenticates successfully and is authorized with the roles of that MongoDB user.
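      The four steps above, worked through as an added example (not from this ticket or the MongoDB codebase): a constructed oidcIdentityProviders array, the step-2 consistency check for internal-authorization IdPs, the $external user name derived from authNamePrefix and the principal claim, and the issuer lookup the server performs at step 4. The issuer, audience and principalName field names are assumed from MongoDB's OIDC configuration rather than taken from this page, and token signature verification is left to the server.

```javascript
// Constructed oidcIdentityProviders value (as passed via --setParameter).
// Field names beyond authNamePrefix/useAuthorizationClaim/authorizationClaim
// (issuer, audience, principalName) are assumptions, not from this ticket.
const oidcIdentityProviders = [
  { issuer: "https://idp.example.com", audience: "mongodb-api",
    authNamePrefix: "idp-internal", principalName: "sub",
    useAuthorizationClaim: false },                 // internal authorization
  { issuer: "https://corp-idp.example.com", audience: "mongodb-api",
    authNamePrefix: "idp-claims", principalName: "sub",
    useAuthorizationClaim: true, authorizationClaim: "groups" },
];

// Step 2 check: an IdP registered for internal authorization must set
// useAuthorizationClaim to false and must NOT carry authorizationClaim.
function internalAuthConfigErrors(idps) {
  const errors = [];
  for (const idp of idps) {
    if (idp.useAuthorizationClaim === false && "authorizationClaim" in idp) {
      errors.push(`${idp.authNamePrefix}: omit authorizationClaim when useAuthorizationClaim is false`);
    }
  }
  return errors;
}

// Step 3: the $external user a token from this IdP correlates with,
// named {authNamePrefix}/{principalNameClaimValue}.
function externalUserName(idp, claims) {
  return `${idp.authNamePrefix}/${claims[idp.principalName]}`;
}

// The createUser command document to run against $external with the
// roles the user is expected to hold.
function createUserCommand(idp, claims, roles) {
  return { createUser: externalUserName(idp, claims), roles };
}

// Step 4: select the IdP registration by the token's "iss" claim; null if
// no registration matches, in which case authentication cannot proceed.
function idpForToken(idps, claims) {
  return idps.find((p) => p.issuer === claims.iss) || null;
}

// Constructed decoded access-token payload for a user of the internal IdP.
const sampleClaims = { iss: "https://idp.example.com", sub: "alice@example.com", aud: "mongodb-api" };
```

Run with `node` to print nothing; the functions are meant to be called from mongosh or a test, e.g. `db.getSiblingDB("$external").runCommand(createUserCommand(idp, claims, roles))`.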

            Assignee: Jocelyn Mendez (jocelyn.mendez@mongodb.com)
            Reporter: Varun Ravichandran (varun.ravichandran@mongodb.com)
            Votes: 0
            Watchers: 1

              Updated: 8 weeks, 4 days ago