We have two Cisco Meraki networks under the same organization, each in a different physical location: one is our main HQ, and the other is our Corporate failover site. For remote access, we use Cisco Secure Client (AnyConnect) VPN, and authentication is handled through Microsoft Entra (Azure AD), with multi-factor authentication (MFA) via Duo.
We're now working on configuring the AnyConnect VPN for the Corporate failover site to use the same authentication method—Microsoft Entra with Duo MFA. However, we're running into an issue in Duo: it only allows adding one SAML identity provider. When I attempt to create a separate Enterprise Application in Microsoft Entra for the failover site, it asks for the Identifier (Entity ID) from the Duo SAML configuration.
The problem is that the Entity ID needs to be unique across all Enterprise Applications, but it's already being used in the application for our main HQ Cisco AnyConnect setup.
