diff --git a/models/auth.model b/models/auth.model index 0272a2d4b..68bb8516b 100644 --- a/models/auth.model +++ b/models/auth.model @@ -2,6 +2,35 @@ -- -- SPDX-License-Identifier: AGPL-3.0-or-later + +-- | AzureADv2 (Microsoft Graph) user authentication sources, parsed from application settings +-- | Note: No host specification is needed since Azure authentication is always requested at https://graph.microsoft.com/ (Microsoft Graph API) +AuthSourceAzure + clientId UUID -- ^ Azure Client ID of this application + clientSecret Text -- ^ Azure Client Secret of this application + tenantId UUID -- ^ Azure Tenant ID of the Azure source + scopes AzureScopes -- ^ Azure Scopes this application (client) is authorized for + UniqueAuthSourceAzure clientId -- TODO rethink! + Primary clientId -- TODO rethink! + deriving Show Eq Ord Generic + +-- | LDAP user authentication sources, parsed from application settings +AuthSourceLdap + host Text -- ^ LDAP host destination to connect to + -- TODO: switch to url type + port Natural -- ^ Port of the LDAP service to connect to + -- TODO: is there a port type? Maybe merge with host and make primary key? + tls Bool -- ^ Whether to connect to the host via TLS + user Text -- ^ User used for queries + pass Text -- ^ Password used for queries + baseDn Text + scope LdapScope + timeout Natural -- ^ Query timeout in milliseconds + searchTimeout Natural -- ^ Search query timeout in milliseconds + UniqueAuthSourceLdap host port -- TODO rethink! + deriving Show Eq Ord Generic + + -- | User authentication data, source-agnostic data UserAuth ident UserIdent -- Human-readable text uniquely identifying a user
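Review bot: `clientSecret Text` in `AuthSourceAzure` and `pass Text` in `AuthSourceLdap` are plain `Text` fields on entities that both end with `deriving Show Eq Ord Generic`, so any `show` of these values (debug logging, error messages, test output) prints the Azure client secret or the LDAP bind password verbatim. Consider wrapping both in a dedicated newtype whose `Show` instance is redacted, and decide whether the secret should be stored in the clear at all if these entities are persisted. Two smaller points: `tls Bool` allows a source where `user` and `pass` are sent to the LDAP host without TLS, so it would help to document when `False` is acceptable or to require TLS by default. The keys marked `-- TODO rethink!` should be settled before merge: `UniqueAuthSourceAzure clientId` and `Primary clientId` leave `tenantId` out of the identity of an Azure source. `baseDn` and `scope` are also the only new fields without a `-- ^` doc comment.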