FortiClient - SAML Login with Azure MFA

Hey people,

I would need assistance with configuring SAML for FortiClients.

Already created it on one FortiGate and tested it with one user, works perfectly.

Now the question is how would I do it for Production where we have 4 branch offices:

  • We have 4 SSL-VPN Tunnels, to the HQ and Secondary Branch Office (Main and Failover WAN Connections)
  • In Azure Enterprise Applications > FortiGate SSL VPN > SAML configuration > I just add multiple tunnels in configurations?
  • How to approach creating the same configurations across FortiGates?
  • Groups are not available for assignment since we don't have the right plan in Azure. I need to assign users individually.

Has any of you already configured this, and what was your approach?
Thanks in advance