I'm in the process of enabling SSO for various web applications across our estate. Most apps use AD authentication or local usernames and passwords, so providing the third party supplier supports WS_FED or SAML then it's been relatively easy to set up SSO. However, when it comes to Office 365 (currently federated with ADFS) I'm finding that Azure AD offers some great reporting functionality that I don't think WS1 does. For example, in AAD you can see all bad password attempts via ADFS. So if I go and migrate authentication from ADFS to WS1 then we're going to loose this reporting functionality. Has anyone found themselves in a similar position or knows of advanced reporting that in WS1 IDM?