Can Gateways in the edge authenticate against the EAM?

We have the EAM module deployed in Azure and it is working really well; however, I am trying to figure out security profiles now for all of our sites. I know I can export the identity provider from the EAM, but I would like to control all roles for the company in the EAM and not at the edge sites. What am I missing? I feel like I am just missing something obvious for getting everything to pull settings from the EAM. Even if it's treated the same as pushing projects tasks for the agents, we could run a task to push login information to the edge from the EAM.

The other problem is that all our sites are on either Viasat or LTE; less comms over those connections would be ideal.