SAML (Entra ID) not working on SEP Mobile (Android, iOS) with Cloud SWG integration

Article ID: 432038

Products

Cloud Secure Web Gateway - Cloud SWG

Issue/Introduction

• SEP Mobile is installed on the phone
• integration with Cloud SWG is completed and SEP Mobile receives the correct Web and Cloud Access Protection policy
• traffic goes via Cloud SWG, and Cloud SWG policies are applied correctly
• as soon as SAML is enabled, browsing on the mobile phone fails and authentication is not possible. The page stays blank on login.microsoftonline.com

Resolution

To resolve the problem, ensure that:

  1. the following domains are exempted from authentication on Mobile Devices:
    login.microsoftonline.com
    msauth.net
    msftauth.net
  2. in Cloud SWG under Identity > SAML Authentication, the Endpoint Type is set to "Redirect Endpoint"

Once this is configured and all pending policies are activated in the Cloud SWG portal, new browsing on the mobile phone will be redirected to the SAML login page (login.microsoftonline.com).