Thank you for the swift responses. We have added the origins to our OAuth config which fixed our initial "X-Frame-Options" Deny issue. However, this wouldn't fix our problem with Azure returning it and safari blocking the rendering.
It doesn't look like we are able to change any config in Azure to change the Deny value, unless anyone has any suggestions.
Our domains are as follows;
env.myapp.io -> iframe[ 3rdparty.io --SAMLv2--> auth.myapp.io --SAMLv2--> login.microsoftonline.com]
any suggestions?
@dan that link doesnt really suggest anything which looks implementable without either changing a library in FusionAuth or using OpenID.