Cisco Jabber with SAML SSO, used through Mobile and Remote Access VCS servers

[Dieselboy]

I have TAC on this, kinda. It's been a struggle to convince them the issue is somewhere related to Jabber for Windows and the VCS / Expressway setup; and not the IDP.

If a user is on premise, using automatic sign in to Jabber using the windows logged in credentials this is all good and no problem.

If the user shuts down their laptop and takes it home, jabber fails to sign in. The same IDP is used in both scenarios. The workarounds are:
- go back to the office network
- or connect via VPN to the office network
- or adjust the internet security settings which prevents jabber from pulling the logged in credentials and therefore presents the user with a log in box where they can successfully log in to the IDP

// rebooting, resetting jabber, re-installing jabber does not resolve (although uninstalling jabber does not clear jabber from the machine entirely)

I have eventually gathered that jabber for some reason cannot access the credentials or it does something untoward with the credentials, before contacting the IDP. The IDP gives back a 401 error and so jabber does not / cannot sign in.
I think the issue may be caused because the laptop does not have domain controller connectivity because it is outside the corp network but this is just a guess and if it is true, then at the moment I don't know why.

Anyone else have this setup or problem?
I ask people but it seems that my setup is quite unique..