We are DUO Platform subscribers and are currently using SAML via the access gateway to protect multiple applications. We recently began testing Microsoft’s protected user group in AD and are running into an issue with our existing SAML integrations. Whenever a user is added to the protected users group, SAML authentication fails. We see a failed login attempt on the DC, so it’s passing through the attempt; it’s just failing to auth. Has anyone used the protected users group in conjunction with Access Gateway/SAML? Does anyone know why this would fail?
To clarify, this is the protected users group in Server 2012 R2 Domain functional level: