SSO SAML SAPUI5 AZURE AD

Hello community!

I am in the middle of configuring SSO in our organizations sapui5 app.

Environment:

We have a SAP Gateway system that has a trust relationship with our SAP ECC system.

Azure AD with an enterprise app with SAML SSO configured minus the metadata from the Gateway Identity Provider.

SAP ui5 app making api calls with basic authentication

Problem:

as I am setting this up at some point I have to access T-Code SAML2. I get a 403 Forbidden.

What I have done so far:

applied permissions that allow SAML2 configuration/administration.

researched how to make a custom role and executed this with no luck still getting 403.

Has anyone had this combination of components running into simmlar issues or know how to navigate through?