Hey all, I'm looking to transition my users from having a choice of using my on-prem gateways vs Gateway Service. All of our users that currently hit our on-prem NSGWs do it via web -> nFactor SAML sp initiated -> Okta. So I don't have to worry about breaking any WSA/mobile devices. Aside from adding an add'l custom workspace URL at my jonsdomain.cloud.com, changing DNS for gateway.myorg.com to the new custom URL above, reconfiguring the IdP side to do Oauth vs SAML, what else should I be looking out for?

I would recommend to configure workspace authentication to SAML 2.0 on not Okta directly 😉

Hi Arnaud! I assume to future proof/IdP portability?

It’s just that there was a know bug with more than 200 groups with Okta

If you want users to be able to choose launch method (on-prem gateway vs Gateway Service) you can create a new resource location configured for that access type, and create a new MC+DG in that resource location. The login path wouldn't change but users would see an addition published app/desktop launched via the other method