Enabling SAML federated authentication via Azure AD for Amazon workspaces

I am working with a partner on an Amazon Workspaces solution for one of the customers and they are hitting a couple of roadblocks due to some limitations/caveats. Here are the high-level requirements:

1. Customer user identities are managed in Azure AD;
2. Customer wants regional resiliency; Primary region: NVIRGINIA, DR Region: OREGON

Proposed solution https://docs.aws.amazon.com/whitepapers/latest/best-practices-deploying-amazon-workspaces/using-multi-region-aws-managed-active-directory-with-amazon-workspaces.html

To satisfy #1 above, We are running into issues with enabling SAML federated authentication via Azure AD. We followed this article: https://d1.awsstatic.com/whitepapers/workspaces/workspaces-saml-implementation-guide_2022.pdf. When we attempt to connect to a Workspace, we are presented with this dialog box.

I assume the username in the screen above are STS temporary credentials. The authentication workflow stops there.

I was wondering if you could assist as well as tell me if it’s possible to achieve this solution without creating duplicate identities in AWS Managed AD as well as Azure AD.