Dashboard oriented authentication, with Azure AD SSO - anyone done that?

We have a use case where we we need to set up Kibana dashboards for various groups of users.
Users need to authenticate them to get access and this needs to support Azure ActiveDirectory.

The roles associated with different users will essentially only control which dashboards they can see when they login. There is no limit as to what indices they may be able to access.

This is a different use case from what Shield supports, so that one will not be useful here - and it does not support Azure AD either, which is a requirement.

So I wanted to check if others has set up something like this and how that was solved? I can think of a few ways to do it, but gladly use something that is proven already.