Wanted to add one additional piece to this, if you require multiple TG's and, as such, multiple Azure apps, you can import your own certificate which may be used across multiple apps for SAML in Azure. https://docs.microsoft.com/en-us/azure/active-di...