We are putting together an API for our internal systems, and we have entered into a paradigm over the best way to create a login for users validated by AD, returning a token with a profile, the profile being the group that the user is in in AD. We are trying to design the best way to do this implementation; could anyone help? Users are 1 to 1 with the groups in AD: a user can only be in one group in AD.
For example, we are building an ADM that will consume API data that will be in Api Web, so we need to create a form of login validation that generates an access token per profile. The profiles will be the groups created in AD; each user will be in one group, e.g. Administrators, Editors, etc. Today we have 5 and we believe that number will not increase, but we could create an Enum or something like that. The biggest doubt is the best way to implement these validations. We are thinking of jwt.io, but it has little documentation...
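The token flow the question describes, as an added example that is not part of the original post: the user's single AD group is mapped to an enum, embedded as a `profile` claim in an HS256-signed JWT, and checked on every API call. It assumes AD has already authenticated the user and returned the group name; the function names, the claim name `profile` and the key are hypothetical, and only the two groups named in the post are listed.

```python
import base64, hashlib, hmac, json, time
from enum import Enum

SECRET = b"constructed-demo-key"  # constructed sample key; load a real one from a secret store

class Profile(Enum):
    # The two groups named in the post; the remaining groups would be added here.
    ADMINISTRATORS = "Administrators"
    EDITORS = "Editors"

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input: str) -> str:
    return b64e(hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest())

def issue_token(username, ad_group, ttl=900, now=None):
    # Call only after the AD bind succeeded; ad_group is the user's one AD group.
    profile = Profile(ad_group)  # ValueError if the group has no mapped profile
    now = int(time.time()) if now is None else now
    header = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"sub": username, "profile": profile.value, "iat": now, "exp": now + ttl}
    body = f"{header}.{b64e(json.dumps(claims).encode())}"
    return f"{body}.{sign(body)}"

def verify_token(token, now=None):
    # Returns (username, Profile); raises ValueError on any malformed or invalid token.
    header_b64, payload_b64, sig = token.split(".")
    header = json.loads(b64d(header_b64))
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")  # never trust the token's own alg choice
    expected = sign(f"{header_b64}.{payload_b64}")
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        raise ValueError("bad signature")
    claims = json.loads(b64d(payload_b64))  # parsed only after the signature checks out
    now = int(time.time()) if now is None else now
    if now >= claims["exp"]:
        raise ValueError("token expired")
    return claims["sub"], Profile(claims["profile"])

def require_profile(token, allowed, now=None):
    # Authorization gate for an endpoint: allowed is a set of Profile members.
    user, profile = verify_token(token, now)
    if profile not in allowed:
        raise PermissionError(f"{profile.value} may not call this endpoint")
    return user
```

Because the group is copied into the token at login, a change of group in AD takes effect only when the token expires, so the lifetime (`ttl`) bounds how stale a profile can be.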