ref ztna training page 25
end user will need to browse towards the published app fqdn, this will present the user with an overview of locally (gateway specific) published services. But what if the user first needs to access an on-prem app and after that another app that is published in the cloud --> user will need to reauthenticate on the ztna gateway hosted in public cloud?
why not leverage sophos central to provide the initial end user entry point? https://cloud.sophos.com/manage/self-service already publishes some end user focused services. If a ztna tab could be added, publishing all user-permitted resources (reacheable over multiple ztna gateways), this would benefit the end user a lot.