Now that Spring Security supports looking up the tenant by way of the issuer in the payload, the configuration for this and the main login sample are the same.