But the profile shown uses cisco.com for the dns suffix. My guess is this is because its just an example. But this doesn't work when I test it using customer dns suffix and dns servers.
We are using auto-generate certificates and DDNS, is this even possible or do I need custom hostname certificates?
UPDATE - I did get this working for basic Meraki Authentication, Always on and Trusted Network Detection, but I need it to work with SAML (Azure AD).
When on an untrusted network, SAML not be able to reach single sign on web page for Azure AD because Internet access is blocked, so it doesn't allow you to even attempt to authenticate. I will keep at it and update if I find a solution.