There is a Duo Access Gateway user who would like to enable SSO to my company’s web app. Normally we would just do the OIDC details exchange and be done. Sometimes (like now) I need to dig into the documentation because there is some kind of oddity...