I'm curious if we configure our ArcGIS Online and ArcGIS Enterprise environment with the same SAML identity provider, if users can seamlessly access content stored in each environment without having to login separately.
For example, a user logs into ArcGIS Online, and opens a map that point to an ArcGIS Enterprise REST endpoint (an endpoint that is restricted via a Federated Portal) that the same user has access to in Enterprise, would that user have to _also_ login to Enterprise, or would AGOL pass the SAML identity token to Enterprise seamlessly?