Workspace search with federated identities (Azure AD): How to configure Document Level Permissions?

I'm trying to figure out if it is possible to use Azure AD as an identity provider for Elastic Workspace search.

Currently I've followed this blog: Elasticsearch (elastic cloud) SSO with Azure AD | by Rajat Panwar | Medium and managed to allow authentication via azureAD.

Now I'm trying to figure out how the document level permissions would work in this case. Looking at this: Managing document access & permissions for content sources | Workplace Search Guide [8.0] | Elastic I can't really figure out what matches these user attributes needed for configuring these permissions. Is it possible to have document level permissions in combination with a federated identity provider?