We just switched from on-prem AD over to SAML from Azure to take advantage of MFA since we all have E3 and EMS3 licenses.
If I look in Reports and on the Authentication tab I see two entries for each user logging on. The first one is a failure saying "needs SAML authentication" and the second one is a success message. The failure entry is for the AD user name (samaccountname) which is not the UPN/Email address.
Can anyone tell me where the setting is for it to not bother with the samaccountname and instead only use the UPN/Email address (either is fine as those two are identical per O365 best practice.)
Needs SAML authentication is really not a failure message, instead it would instruct the Pulse Client to open the browser to do the SAML authentication. Using SAML embedded browser on the Pulse Client should not trigger this error on the VPN server, I believe.