It would be handy if only ADFS were needed as a criterion for assigning users to groups. Now I still need LDAP for the groups. The AD groups can be passed with ADFS claims. So technically, it seems viable.