We have a Moodle-based web application that can authenticate users via SAML against an Azure Active Directory enterprise application.
If a user is signed into Azure Active Directory, then visits our Moodle directly in the browser (instead of visiting via the My Applications portal), we want the user to be automatically signed into Moodle as well. This can be achieved via some configuration in Moodle and the Moodle SAML plug-in, but this would prevent unauthenticated visits to Moodle.
If it is possible, we would like to use some API, perhaps Microsoft Graph, to check via AJAX whether the user of the web browser is already signed into Azure Active Directory and belongs to our tenant and the correct enterprise application.
