My company is interested in this too. We've virtually eliminated AD / LDAP and the ridiculous overhead that comes with stand-alone directory management. It's bugging me that with all the available authentication integrations, SAML isn't included.
I am working on this for a customer using the Sponsored Guest Portal. When the user connects to the AP, ISE redirects them to Azure AD and ISE reports them as authenticated. The user gets a browser window with a message to click the continue button. On doing so they get an error 500 message. We are running ISE 3.1 on a single box in AWS as a PoC.