When IdP authenticates user I need to put different roles into SAML Assertion depending if a user on Internal network (used IWA to authenticate) or Internet (used form with 2FA). I don’t see any SM headers corresponding to authentication schema that could be used from Assertion Plugin. Any other options you may know to accomplish similar results? Basically, Internally authenticated users may have more roles, externally authenticated just a basic one.Thanks,Vlad