Email based discovery can be used to add a Store to the Workspace, using the email address instead of the Store URL. We could do this for on-prem Stores, even with Gateway. The steps are provided here.
However, this doesn’t work for Cloud Customers where Storefront is in the Cloud and there is no Gateway. If we just point the SRV record (_citrixreceiver._tcp.domain) to the Cloud Store URL (domain.cloud.com), Workspace fails to add the store with a certificate error. We get the certificate error because Workspace tries to validate the email domain against the Store URL and they are different domains.