We have a web application, which is developed in ASP.Net MVC, C#, Entity Framework & SQL Server 2019. Currently users are using forms authentication to log in to this web app for doing their daily activities. Recently one of our customers is requesting us to implement On-premises Active Directory integration. Our app has a ‘User List’ with a separate UI for managing (add/edit/delete) web app users and role-based security for accessing different forms/modules/features. Every user may have more than one role. So, if we integrate On-premises AD into the web app, we have the following queries.

1. Can we keep the UI for user management open?
2. From where can an admin create new users?
3. Can we keep a link between the Azure AD user list & the web app user list?
4. Is there any way to allow only a particular set/group of AD users to access the web app?
5. Can we implement 2FA (sending OTP to mobile/email) at the web app level with our own logic (not Azure 2FA)?