It would be great if you could support SAML 2.0 for SSO. Also Azure ADFS for SSO.
Please work with Microsoft Entra to allow for differenet permissions for Nolt. From what I can see you need to follow these guidelines:
https://learn.microsoft.com/en-us/azure/active-directory/app-provisioning/how-provisioning-works