i set up the Cloud Exchange in SSO with Azure AD. When a user authenticates to AzureAD via username and password, the SSO login on the cloud exchange works correctly. If the user logs in to AzureAD with windows Hello and with biometric recognition, SSO login on Cloud Exchange does not work. It could be a problem related to the type of token issued by Azure AD and consequently to a parameter that Netskope CE does not recognize.
@NicolaScand can you capture a HAR and/or SAML tracer with both flows? I'm not sure what would cause the Windows Hello issue. I have also asked our internal Cloud Exchange team if this is expected or not.
Sam Shiflett Netskope Solution Architect - North America