VMware Workspace ONE Community
TomRuediger
Contributor

Azure AD for Auth, ACC for Groups

We're currently using SaaS-based AirWatch combined with an ACC to facilitate AD directory integration with our on-premises AD Domain Controllers. This is used for authentication when enrolling and logging into the web console, but also for importing users and AD security groups and mapping these to User Groups/Assignment Groups, so that we can automate placing devices into the correct OGs and automate deployment of applications to the necessary groups.

We were about to start looking into implementing ADFS for SAML authentication when we were asked by our Security Administrator to look into integration with Azure AD for Identity Services instead, so that we can take advantage of conditional access policies and MFA for enrollment and console login. However, from what I have read in the documentation, if you use Azure AD for Identity Services it can only facilitate identity and can't do group mapping from AD-based groups. Has anyone had experience with this same scenario, or recommendations on how to achieve this? I have read something about setting up SAML for authentication and pointing it at Azure AD SAML instead of ADFS SAML, but I am not sure how this works or how to implement it while still maintaining our group mappings.
2 Replies
BrandonOKC
Enthusiast

We are about to do the same, and I too am curious what other admins can offer as guidance on the best path. We too are likely going to consider the Azure conditional access method in order to take advantage of adding our on-premises AirWatch MDM as a tenant in Intune to require devices to enroll before they are allowed to set up the Outlook mobile app and access mail. Since traffic is no longer ActiveSync and is instead the RPC REST API, we lose the visibility we once had when using SEG as a gateway before mail access is granted.
AdrianoRisuscit
Contributor

Any news here? I have the same question.