If you are setting up Azure AD login in K2021.2 and getting an invalid redirect URL error, there is an easy way to fix it. When you start the login process for Azure AD enabled users, you get this screen.
Clicking Log in takes you to the Azure AD login screen:
If you look in the address bar, you will see the URL that Azure AD is looking for in the Application configuration for your Server registration, starting with this query parameter:
Make sure these match regardless of what any documentation might say. In K2021.2, “/Apps/Erp/” is missing from the URI in the documentation, so you’ll get the redirect URL error.
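The comparison described above, as an added example that is not part of the original post: it pulls the redirect URI out of the login URL copied from the address bar and explains why it does not match a registered one. It assumes the parameter is the standard OAuth 2.0 `redirect_uri`; the host name, instance name, tenant and client IDs, and registered URI are constructed sample values.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample: a login URL as copied from the browser address bar.
SAMPLE_AUTHORIZE_URL = (
    "https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000"
    "/oauth2/v2.0/authorize?client_id=11111111-1111-1111-1111-111111111111"
    "&response_type=code&scope=openid"
    "&redirect_uri=https%3A%2F%2Fkinetic.example.com%2FKineticLive%2FApps%2FErp%2FHome%2F"
)

def requested_redirect_uri(authorize_url):
    """Return the decoded redirect_uri the application sent to Azure AD."""
    values = parse_qs(urlsplit(authorize_url).query).get("redirect_uri")
    if not values:
        raise ValueError("no redirect_uri parameter in the URL")
    if len(values) > 1:
        raise ValueError("redirect_uri appears more than once")
    return values[0]  # parse_qs has already percent-decoded the value

def diagnose(requested, registered):
    """Compare against the registered URIs; the strings must be identical."""
    if requested in registered:
        return "match"
    req = urlsplit(requested)
    same_host = False
    for candidate in registered:
        reg = urlsplit(candidate)
        if (req.scheme, req.netloc.lower()) != (reg.scheme, reg.netloc.lower()):
            continue
        same_host = True
        if req.path.rstrip("/") == reg.path.rstrip("/"):
            return f"trailing slash differs from {candidate}"
        if req.path.lower() == reg.path.lower():
            return f"path case differs from {candidate}"
        req_segs = [s for s in req.path.split("/") if s]
        reg_segs = [s for s in reg.path.split("/") if s]
        missing = [s for s in req_segs if s not in reg_segs]
        extra = [s for s in reg_segs if s not in req_segs]
        if missing and not extra:
            return (f"registered URI {candidate} lacks path segment(s): "
                    f"{'/'.join(missing)}")
    if same_host:
        return "path differs from every registered URI on this host"
    return "no registered URI for this scheme and host"

if __name__ == "__main__":
    wanted = requested_redirect_uri(SAMPLE_AUTHORIZE_URL)
    # Constructed registration that omits /Apps/Erp/, the case the post describes.
    print(wanted)
    print(diagnose(wanted, ["https://kinetic.example.com/KineticLive/Home/"]))
```

Whatever `requested_redirect_uri` returns is the value to register, character for character.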
The purpose of adding the redirect URIs in the Azure AD Application registration is to prevent a malicious app from redirecting you to another site with your credentials. Now go enjoy your MFA-enabled Kinetic application.