I have a .NET Core web application running on an EC2 instance. My requirements include that AD users of a specific domain be able to access it. Other security measures will restrict access to the web app to this domain's users exclusively. Not logged into the domain? No access. No exceptions. What I need to do is to differentiate those users; two different groups and I need to be able to differentiate those users in the web app's code base as some pages will render slightly differently for some users. Is this something I can do with Cognito or with Identity Center? I cannot implement Authentication in the app itself.