Hi there,
I’ve created and tested my PowerShell script on a Linux VM.
You could always create an ADFS service if you already have a domain controller.
Though I never liked the syncing of password hashes into Entra AD - hence this Keycloak-based flow.
You could always develop your own application facilitating Microsoft Graph and doing a group check in your own IdM to roll out an Entra ID account.