Here's my case. The customer has all the users in AD and Azure AD (AAD). When the user logs in to the computer, he uses his AD login account.
They want to use the MS Azure MFA (multi-factor authentication). I want the users to have a single sign-on, so it has to be the Current User, not Windows User. There are different domains: a local one and an Azure one.
Is it the proper way to do that:
1. integrate users with AD users
2. sync M-Files with AAD (CONFIGURING AZURE ACTIVE DIRECTORY SYNCHRONIZATION PLUGIN): here I have set two things: A) AAD users are not imported (Import External Accounts = NO); B) I have set the domain mapping for Account names (AAD domain:localDOMAIN, which is used by M-Files)
3. configure the Federated Authentication, following this document: FEDERATED VAULT AUTHENTICATION WITH AZURE ACTIVE DIRECTORY