Entra SAML and Security Group Information
I am trying to configure the Mobile VPN with SSL to restrict network access by group membership. Specifically, users in SG_Contractors should have limited access while SG_Internal should have full access to network resources. This was possible and was configured with AD authentication and is documented in this video.
I don't know what I'm missing, but I can't get it to work when I move to Entra ID SAML Auth.
I've followed the official procedure here and can successfully authenticate with a user in either security group (these are hybrid security groups, if that matters). However, firewall policies based on group membership aren't taking effect, and even with Authentication and SSLVPN logging at the Debug level, I can't verify that group information is being passed to the Firebox.
Is there any special configuration needed on the Entra side to implement this?