We have a working SAML authentication in our Field Office that uses WSS as their secure webgateway. I used BCCA as our IDP but didnt set up an incoming firewall policy to my BCCA server. I have an outgoing policy to threatpulse but I dont see any logs hitting this policy. Makes me wonder how they communicate to one another in my current setup. WSS can see my internal BCCA as active.