Hi Boon, yes you are right! so we added the login.microsoft etc etc domain… It kinda of worked… It opens a new tab and puts it through saml with no logon… perfect!.. but then it does not hide the app behind the clientless ssl vpn anymore eg: portal.blah.com/https/guco.blah.com it just sent the browser to guco.blah.com which isn’t exposed externally so then failed. We’re not sure why but at least this is progress. 