Role based access control is a major component of Single Sign-On and is one of it's major benefits. Currently DNS Filter only allows us to set one global default role for all incoming SSO users, where it would be helpful to be able to do it by Azure "app roles".

The following is the customer side documentation we would expect to follow to configure this: https://learn.microsoft.com/en-us/entra/external-id/customers/how-to-use-app-roles-customers

Ideally each DNS Filter role (Read-Only, Edit Policies Only, and Admin) would be assigned a "Value" in the below screenshot, so that we can configure groups in O365/Azure that correlate to each administrative role in DNS Filter