At the moment, other than using kiosk mode and no SSO the only built-in solution is to use additional connection servers and tag them - you can then limit access to the servers on 443 to specific subnets by firewall and filter pool entitlements by tags. I think what you already have now is probably going to be easier to manage, however.
↧