While configuring ArcGIS Online enterprise login with Azure AD, I got the error message "Unable to login using Idp Unable to validate SAML response" when logging in.
The problem was the "entity ID" I used.
When adding the IdP provider, I added the "FederationMetadata.xml" that I generated from Azure. If you don't set anything in the Advanced Settings, you get the error. By default, AGOL uses something like "sitename.maps.arcgis.com" for the entity ID, but Azure AD won't take it. Change the entity ID to something like "https://sitename.maps.arcgis.com". This will do it.
Just a note: when you log in to AGOL while configuring the enterprise login, use a different browser than the one you are logged into Microsoft Azure with. It seems like the Azure user information carries over to the AGOL login and the login fails.
This is not really mentioned in the help document.
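The two identity checks behind an "Unable to validate SAML response" error, as an added example that is not part of the original post: the SP compares the response's Issuer against the entityID in the IdP's FederationMetadata.xml, and compares its own configured entity ID against the saml:Audience that Azure AD fills in from the app's Identifier (Entity ID). Both comparisons are exact string matches, which is why "sitename.maps.arcgis.com" and "https://sitename.maps.arcgis.com" are not interchangeable. The metadata fragment, the SAML response and the tenant GUID are constructed placeholders (signature and subject omitted), and the function names are mine.

```python
import xml.etree.ElementTree as ET

# SAML 2.0 namespaces used by Azure AD responses and federation metadata.
NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
}

# Constructed sample: the relevant part of an Azure AD FederationMetadata.xml.
# The tenant GUID is a placeholder, not a real tenant.
SAMPLE_METADATA = (
    '<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" '
    'entityID="https://sts.windows.net/00000000-0000-0000-0000-000000000000/">'
    '<md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>'
    '</md:EntityDescriptor>'
)

# Constructed sample SAML response (signature and subject omitted for brevity).
# Azure AD copies the app's configured Identifier (Entity ID) into saml:Audience.
SAMPLE_RESPONSE = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0">'
    '<saml:Issuer>https://sts.windows.net/00000000-0000-0000-0000-000000000000/</saml:Issuer>'
    '<saml:Assertion ID="_a1" Version="2.0">'
    '<saml:Issuer>https://sts.windows.net/00000000-0000-0000-0000-000000000000/</saml:Issuer>'
    '<saml:Conditions><saml:AudienceRestriction>'
    '<saml:Audience>https://sitename.maps.arcgis.com</saml:Audience>'
    '</saml:AudienceRestriction></saml:Conditions>'
    '</saml:Assertion>'
    '</samlp:Response>'
)


def idp_entity_id(metadata_xml: str) -> str:
    """Return the entityID the IdP advertises in its metadata."""
    # For untrusted input use defusedxml.ElementTree instead of the stdlib parser.
    root = ET.fromstring(metadata_xml)
    return root.get("entityID", "")


def response_issuers(response_xml: str) -> list:
    """Return every saml:Issuer value (response level and assertion level)."""
    root = ET.fromstring(response_xml)
    return [el.text.strip() for el in root.iter(f"{{{NS['saml']}}}Issuer") if el.text]


def assertion_audiences(response_xml: str) -> list:
    """Return every saml:Audience the assertion is restricted to."""
    root = ET.fromstring(response_xml)
    path = "./saml:Assertion/saml:Conditions/saml:AudienceRestriction/saml:Audience"
    return [el.text.strip() for el in root.findall(path, NS) if el.text]


def validate_response(response_xml: str, metadata_xml: str, sp_entity_id: str) -> list:
    """Run the two identity checks an SP performs before it trusts a response.

    Returns a list of human-readable problems; an empty list means both pass.
    Comparisons are exact and case-sensitive, as SAML SPs require: a missing
    scheme or a stray trailing slash is enough to fail.
    """
    problems = []
    expected_issuer = idp_entity_id(metadata_xml)
    for issuer in response_issuers(response_xml):
        if issuer != expected_issuer:
            problems.append(f"Issuer {issuer!r} != IdP metadata entityID {expected_issuer!r}")
    audiences = assertion_audiences(response_xml)
    if sp_entity_id not in audiences:
        problems.append(f"SP entity ID {sp_entity_id!r} not in Audience {audiences!r}")
    return problems


if __name__ == "__main__":
    # The bare hostname fails the audience check; the https:// form passes.
    for sp_id in ("sitename.maps.arcgis.com", "https://sitename.maps.arcgis.com"):
        result = validate_response(SAMPLE_RESPONSE, SAMPLE_METADATA, sp_id)
        print(sp_id, "->", "OK" if not result else result)
```

To use this against a real failure, paste the base64-decoded SAMLResponse captured from the browser (a SAML tracer extension or the POST body in developer tools) into the response argument, and the entity ID you configured in AGOL's Advanced Settings as the SP entity ID; whichever check reports a problem is the field to fix.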