Hi all,
 
Looking to find out if there is anything new in the art of per-user access control for AnyConnect VPN, i.e. user groups or multiple IP pools, etc., when using AnyConnect and Azure AD SAML auth.
 
In short, I'd like to apply a specific set of L3 firewall rules to some but not all AnyConnect users.
 
I know about the group policy method in which you wait till the user connects, find them in the Clients list and then apply the policy, but that is tedious and I believe has to be re-done if they age-out of the client list.
 
I also know there is a way of doing this using the Filter-Id attribute if you are using RADIUS auth, but nothing like that for SAML auth as far as I can tell.