David, please find the official doc linked above as Accepted Solution... also here...
http://support.ruckuswireless.com/documents/3686-cloudpath-es-azure-integration-using-saml
Hi all,
This procedure is now officially documented on the Ruckus Support Portal.
https://support.ruckuswireless.com/documents/3686-cloudpath-es-azure-integration-using-saml
You could apply the same cert to different devices, but you would then not be able to uniquely distinguish them. It is not required that you use an AD account user for the Username field. That just establishes the username as part of the certificat...