IDP migration from ADFS to Okta


New to Zscaler Community. We are attempting to migrate SAML authentication from ADFS to Okta. We checked with support on the feasibility of moving users group by group in a phased manner, but they told us that the suggested way of doing it is via the “migrate to a new saml idp” option and that having the second IdP in parallel would break the authentication and produce duplicate user entries. We already have ADFS auth enabled for any locations and domains, and we can’t afford to migrate all users at once in one shot (cut over to Okta in one change window). We would like to achieve it based on location or user group if possible. Could you please suggest a better approach to what we are trying to achieve here?

Since we can’t afford to test things the way we want in the prod cloud, support has provided access to the beta cloud to test two IdPs in parallel. Adding our prod authentication domain (example to beta cloud would break prod authentication?