ADFS can be used as as an OpenID Connect identity provider.
This stack overflow step though is a great resource, followed by This IBM resource for granting the correct permissions.
Where the IBM resource adds 2 individual permissions, 3 are needed and can be performed in one command - e.g.
Set-AdfsApplicationPermission -TargetIdentifier fe56f061-c689-45e8-af8d-b8fdf5d1e60f -AddScope 'openid','aza','allatclaims'
Extra claims (for example users display name) can be added using a similar approach to the groups.
ADFS provides a well known configuration endpoint which can be used for automating endpoint configuration. It also supports PKCE verification for additional security.
Without any extra claims, the user field should be set to upn