You can have a look at the OIDC connector from Mendix. This will allow you to provision users based on their Active Directory groups and provide a seamless experience.
Make sure to redirect from the login.html to the relevant endpoint. You might want to do so by enabling anonymous users and making this a dynamic login page, where you can toggle this functionality on/off depending on the environment.
Additionally, make sure to authorize from AD groups and not directly in the application, as otherwise authorizations will not transfer over to other applications.