Best practices for centralized identity/auth for multiple internal applications

Question

We have about 10 internal .NET Core 2.1+ and .NET 5 MVC web applications, all using Windows auth with hard-coded permissions based on AD groups. Some extend roles and permission