Forbidden error when connecting after setting up SAML on Elastic Cloud

Yes, this does seem to be the issue here. I have no working knowledge of Azure AD, but a simple search led me to "Configure group claims for applications by using Microsoft Entra ID | Microsoft Learn", which seems to describe how to release Security Groups from your Azure AD in the http://schemas.microsoft.com/ws/2008/06/identity/claims/role claim (== SAML Attribute in our case). Hope this helps.

P.S. Really helpful to have a blog there detailing most of the steps but I do feel it's quite outdated. If you try to follow it you will see what I mean. Just my 2c.

Thanks for the feedback, we do appreciate this. Ping @forloop who wrote the original blog post to see if it would make sense to update some parts. Speaking of which, @forloop wrote another excellent guide recently in the forums that might help you too.