We currently use Cisco Duo with LDAPS for our SSL VPN Clients. On the firewall (ASA5508) we have Dynamic Access Policies in place, allowing certain Active Directory groups access to certain subnets.
When testing moving to SAML (Hybrid AzureAD with ...