Per documentation for Workspace here, under the feature Authentication, “Federated Authentication (SAML / Azure AD)” is supported, however that line is referring to direct to Storefront without an ADC involved. Also under the same document, you see “NetScaler nFactor Authnetication” which is listed as unsupported for iOS.
SAML with an ADC is a feature which will be supported in the future for iOS, however is currently unsupported. This leaves few options for allowing iOS to work when using SAML on your gateway:
- Create a separate Gateway specific for iOS devices
- Use SSO app on iOS to establish full VPN, and then set Workspace up to use your Internal Storefront FQDN. Note: there is no Single Sign On for the SSO app to Workspace, so users will have to authenticate twice: once to SSO for Full VPN, and once to Storefront using Workspace.