Prerequisites:
OPNsense must use AD DNS (do not use DNS from DHCP/WAN)
OPNsense must have a hostname in AD DNS (A and PTR)
OPNsense must be in sync with AD DNS time (use one IP of AD in NTP)
OPNsense must be in same domain as AD (hostname configuration page)
Create a new Authorization server with ssoproxyad type

Configuration:
Configure Single-Sign-On page with appropriate information
Execute joinDomain button
OPNsense should be in AD in computers OU
Reset comptuers from AD
Execute UpdateDomain
Select Authorization server in Proxy page

Todo:
Add cron job for auto-update keytab
Test button should test prerequisites