We have two AD domains, DomainA and DomainB. DomainA has a service desk that needs to manage DomainB users. Logins are done through EntraID SAML.
In DomainB, there is a group containing foreign security principals (FSPs) of DomainA users, and that group has a security role allowing management. FSPs don't sync with Azure AD Connect, so at first they couldn't even get past SAML. We've then put in their DomainB contacts, which allow SAML to succeed.
When DomainA users log in through SAML, they are greeted with an error stating that Domain 'domaina.org' is not managed by Adaxes (no logon information provided). We don't wish to manage Azure or DomainA through Adaxes, just DomainB.
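A check that helps pin down which identity the service desk account actually presents on the DomainB side, added here as an example and not taken from the post above or from Adaxes: it enumerates the DomainB management group, separates the foreignSecurityPrincipal members (DomainA users) from the native contacts or users, and translates each FSP's SID back to its DomainA account so you can see exactly which objects carry the role. The group name, domain controller names and the SAML username attribute are placeholders (assumptions); adjust them for your forest.

```powershell
# Requires the ActiveDirectory RSAT module on the machine running this.
Import-Module ActiveDirectory

# Placeholders (assumptions): the DomainB group that holds the management role
# and a DC for each domain.
$ManagementGroup = 'CN=DomainB-ServiceDesk,OU=Groups,DC=domainb,DC=org'
$DomainBDc       = 'dc1.domainb.org'
$DomainADc       = 'dc1.domaina.org'

# Get-ADGroupMember does not expand FSPs into DomainA accounts; it returns the
# FSP object (objectClass foreignSecurityPrincipal) whose name is the DomainA SID.
$members = Get-ADGroupMember -Identity $ManagementGroup -Server $DomainBDc

foreach ($m in $members) {
    switch ($m.objectClass) {
        'foreignSecurityPrincipal' {
            $sid = [System.Security.Principal.SecurityIdentifier]::new($m.SID.Value)
            try {
                # Translation only succeeds when the trust to DomainA resolves the SID;
                # a failure here means the FSP points at a principal DomainB cannot resolve.
                $account = $sid.Translate([System.Security.Principal.NTAccount]).Value
            } catch {
                $account = "<unresolvable: $($sid.Value)>"
            }
            [pscustomobject]@{ Kind = 'FSP (DomainA)'; Member = $account; Sid = $sid.Value }
        }
        'contact' {
            # Contacts sync to Entra ID but are not security principals in DomainB,
            # so they can satisfy the SAML lookup without carrying any DomainB role.
            $c = Get-ADObject -Identity $m.distinguishedName -Server $DomainBDc -Properties mail, userPrincipalName
            [pscustomobject]@{ Kind = 'Contact (DomainB)'; Member = $c.mail; Sid = '' }
        }
        default {
            [pscustomobject]@{ Kind = $m.objectClass; Member = $m.SamAccountName; Sid = $m.SID.Value }
        }
    }
}

# Optional: confirm the attribute the SAML assertion carries (assumed here to be
# userPrincipalName) for one DomainA user, to compare with what the contact exposes.
# Get-ADUser -Identity 'jdoe' -Server $DomainADc -Properties userPrincipalName, mail |
#     Select-Object userPrincipalName, mail
```

If the output shows the role held only by FSP rows while the SAML identity matches a contact row, the two are different objects to the directory: the login resolves to a DomainA principal (hence the "domain not managed" message), while the DomainB object that SAML could find is a contact with no role. Comparing the two columns side by side is the quickest way to show that gap before changing any trust or sync configuration.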