Add troubleshooting for enterprise installations

docs/TROUBLESHOOTING.md

@@ -165,6 +165,37 @@ ways to fix this issue:
     5. Push
     ```
 
+## Issuer in ID Token does not match the expected ones
+
+If you get an error like:
+
+```text
+The issuer in ID Token https://github.<company>.net/_services/token does not match the expected ones: https://token.actions.githubusercontent.com/
+```
+
+it means that the OIDC token's issuer and the Attribute Mapping do not match.
+There are a few common reasons why this happens:
+
+1.  You made a typographical error. If you are using the public version of
+    GitHub (https://github.com), the value for the `oidc.issuerUri` should be
+    `https://token.actions.githubusercontent.com`.
+
+1.  You are using a GitHub Enterprise _Cloud_ installation and your GitHub
+    administrator has configured a [unique token
+    URL](https://docs.github.com/en/enterprise-cloud@latest/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#switching-to-a-unique-token-url).
+    Use that URL for `oidc.issuerUri` instead of the public value. You must
+    contact your GitHub administrator for assistance - our team does not have
+    visibility into how your GitHub Enterprise Cloud instance is configured.
+
+1.  You are using a GitHub Enterprise _Server_ installation. In this case, you
+    must contact your GitHub administrator to get the URL for OIDC token
+    verification. This is usually `https://github.company.com/_services/token`,
+    but it can be customized by the installation. Furthermore, your GitHub
+    administrator may have disabled this functionality. You must contact your
+    GitHub administrator for assistance  - our team does not have visibility
+    into how your GitHub Enterprise Server instance is configured.
+
+
 <a name="aggressive-replacement"></a>
 
 ## Aggressive *** replacement in logs