ZeroTrust Self Hosted App with Temporary authentication


We have a Cloudflared tunnel established with a couple of published apps. We are using these without issue with Azure integration and that works fine. We do have a use case with temporary vendor access where we want to allow OTP/PIN authentication with justification and approval.

We have an app configured with a policy that requires the users email to be authorized. They are able to request a login code and enter it, which works fine, and they get to the screen asking for justification. They enter this, and we receive the request and can approve it.

The issue seems to be when we approve the request, the users not not redirected to the app (https website) but are instead redirected to a URL that is invalid. The URL (with info redacted) that they get pushed to is:

file:///private/var/containers/Bundle/Application/application id here/

Not sure if we are missing something here?