Hi Kostas,
The 2nd trustpoint is configured on the ASA (in this case acting as service provider) itself for the ID certificate issued to the ASA.
Check this doc I wrote for SAML with Duo and look for the trustpoint "ID_CERT" and you will see the configuration for it on ASA.
The same logic applies to Azure SAML integration.
https://www.cisco.com/c/en/us/support/docs/security/anyconnect-secure-mobility-client/215672-integrate-duo-saml-sso-with-anyconnect-s.html
Thank you,
Dinesh Moudgil
P.S. Please rate helpful posts.
Cisco Network Security Channel - https://www.youtube.com/c/CiscoNetSec/