First, you can read more about logging in using custom auth providers in our Appfarm documentation.
In regards to your questions:
There is a checkbox when setting up custom authentication which is called “Auto Create Account”. See the screenshot below. If this checkbox is ticked, then the Appfarm user is automatically created if the user is logging in for the first time.
However, if you want to map user access in Appfarm based on user access in Azure, this is currently not possible upon logging in. The best way to do this is to run a schedule which uses Microsoft Graph API to read users and their access groups from Azure. From here, you can map the users to roles in Appfarm, based on their access in Azure. This will mean that the user objects are already created and given roles automatically, so the checkbox mentioned above should in this case not be enabled.
So this means we can autocreate without the ability to use pre-existing criteria like user or group membership, OR use pre-existing criteria like user or group membership but only with already created Appfarm users. Have I understood correctly?
This is correct! When autocreating a user, Appfarm does not take any data about their access in the external system, just their name and email address.
With the use of a schedule, you can create new users and update existing users based on group information/access rights taken from Azure, and use this to keep the user list updated automatically in Appfarm. This will mean that users will need to be added in Azure and synced with Appfarm before they can log in to the Appfarm system.
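The reconciliation step such a schedule performs, sketched as an added example that is not Appfarm's own code and not part of the posts above. It assumes group members arrive in the shape Microsoft Graph returns for `GET /groups/{id}/members` (`id`, `displayName`, `mail`) and that Appfarm users are matched on email; the group IDs, role names and sample users are constructed.

```python
# Added example with constructed data; group IDs, role names and users are made up.
# Member records mirror Microsoft Graph GET /groups/{id}/members results.

GROUP_TO_ROLE = {"grp-admins": "Admin", "grp-sales": "Sales"}  # assumed mapping

GROUP_MEMBERS = {  # constructed sample, keyed by Azure group id
    "grp-admins": [{"id": "u1", "displayName": "Ada", "mail": "Ada@Example.com"}],
    "grp-sales": [
        {"id": "u1", "displayName": "Ada", "mail": "Ada@Example.com"},
        {"id": "u2", "displayName": "Bo", "mail": "bo@example.com"},
        {"id": "u4", "displayName": "Svc", "mail": None},  # account without email
    ],
    "grp-unmapped": [{"id": "u5", "displayName": "Di", "mail": "di@example.com"}],
}

APPFARM_USERS = {  # constructed: current Appfarm users, email -> roles
    "bo@example.com": {"Admin"},  # has since lost the admin group in Azure
    "cy@example.com": {"Sales"},  # removed from every mapped group in Azure
}


def desired_roles(group_members, group_to_role):
    """Collapse Azure group membership into email -> set of Appfarm roles."""
    wanted = {}
    for group_id, members in group_members.items():
        role = group_to_role.get(group_id)
        if role is None:  # an unmapped group grants nothing (default deny)
            continue
        for member in members:
            if not member.get("mail"):  # cannot be matched to an Appfarm user
                continue
            wanted.setdefault(member["mail"].lower(), set()).add(role)
    return wanted


def plan_sync(wanted, current):
    """Compute the changes to apply: users to create, update and revoke."""
    create = {e: sorted(r) for e, r in wanted.items() if e not in current}
    update = {e: sorted(r) for e, r in wanted.items()
              if e in current and set(current[e]) != r}
    revoke = sorted(e for e in current if e not in wanted)  # no mapped group left
    return {"create": create, "update": update, "revoke": revoke}


if __name__ == "__main__":
    print(plan_sync(desired_roles(GROUP_MEMBERS, GROUP_TO_ROLE), APPFARM_USERS))
```

Replacing a user's roles with the computed set, rather than only adding to them, is what removes access when someone leaves an Azure group; the `revoke` list covers users who no longer belong to any mapped group.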