I really like the idea of using SAML groups to control Groups in AGOL which is a convenient way to organize secured content, but have found it limiting that I can only use a SAML group one time. Aside the best practice aspect, it seems like I am shifting the user management of those AGOL groups to the network which is not ideal as the use of SAML groups was to make user management easier and/or more seamless.
What I would like to have is the ability to have one SAML group, like GISUsers and allow them access to several AGOL groups.