The procedure whose name is configured in the system setting SingleSignOnAzureSignInProcedure is called each time a user signs in using Azure AD (Microsoft Entra ID). Its purpose is to customize the user's account and permissions. You can leave SingleSignOnAzureSignInProcedure empty if you do not need a custom procedure, and users will still be able to sign in.
You are allowed to call SoftadminApi.User_InsertUpdate if you need to modify the user but you must not change the username or disable the user.
To access information about the user's group memberships, you can refer to the temporary tables #AzureAdGroup and #AzureAppRole. These temporary tables will only include ids for groups and roles that are also present in the SoftadminApi.AzureAdGroup and SoftadminApi.AzureAppRole tables.
CREATE TABLE #AzureAdGroup
(
AzureAdGroupId uniqueidentifier
)
CREATE TABLE #AzureAppRole
(
AzureAppRoleId uniqueidentifier
)