Use separate PTA agents for each AD forest
We are just now making the switch from ADFS to use PTA.
We are a large enterprise with some 25k users and 3 separate AD forests.
One thing that would make my, and every network/firewall person's, life easier would be if we could have dedicated PTA agents for Forest A that take care of users with UPN suffixes belonging to Forest A, and separate dedicated agents for Forest B that take care of users with UPN suffixes belonging to that forest.
In the current design any login ticket can end up on any PTA agent, which means that every server with a PTA agent must be able to communicate with every domain controller for PTA with SSO to work?
So the ability to manage a "login queue" for Forest A and tie the PTA agents in Forest A to that queue would help tremendously!
We are currently investigating this feature request.