Hello,
When using SAML for authentication on Cisco FTD and authorize only for secondary, the username is masked out by the assertion token. Are there any attributes in the SAML token that can be used for authorization? Say, if I wanted to switch the tunnel-group associated with that authentication?
Say, for example, if you use DUO MFA, sAMAccountName and Groups are a part of the directory sync; are we able to see this for authorization purposes? If not, how would one go about using SAML and RADIUS as a combination? Primary Auth RADIUS to ISE and Secondary Auth SAML to DUO?