Hi all - we have configured browser access for a private app. Everything works fine with the authentication flow with our IdP into the private app through the normal reverse proxy public host URL.

We have set the CNAME of a custom host to revert to the public host URL. When we go to the custom host URL, it goes into a loop where it authenticates fine then tries to resolve to the custom host (not the public host reverse proxy URL) and creates an indefinite loop (IdP → netskope SAML → IdP). We confirmed with the SAML tracer that it indeed keeps resolving to the custom host URL and not the public host URL as intended.

Anyone had the issue and hot to resolve it?