Hello everyone,
I've been pondering over a particular aspect of our SAML - Forward Proxy configuration and would appreciate some insights from the community. Specifically, I've noticed that the SAML Entity ID remains the same across all methods, whether it's IPSEC, GRE, Cloud Explicit Proxy, or Client Enrollment.
This uniformity in SAML Entity ID across various methods has raised some concerns for me, particularly in relation to compatibility with Azure AD. As some of you may already know, Azure AD supports only a unique SAML Entity ID for each Azure AD tenant.
Given this limitation, I'm curious about the rationale behind having a single SAML Entity ID for all methods within our SAML - Forward Proxy configuration. Has anyone encountered similar challenges with Azure AD integration due to this setup? If so, how have you addressed or worked around it?
The goal is to allow only a specific Azure AD group for the “Client Enrollment” method. For that I will have two Enterprise Apps “Netskope User Authentication”, one for the IPSEC and GRE methods and another one only for “Client Enrollment”.
Thanks
TP