If you manage users with an identity provider (IdP), Zscaler can import those users directly. You'll need to make sure your IdP is set up for SAML authentication and SCIM provisioning. You can also import users from a CSV file and add users manually.

To import users from your IdP:

1. On the Users page, click Connect IdP at the top of the page.

   See image.

   

   Close

2. Under Select Identity Provider, select your IdP and click Next.

   Commonly used IdPs are shown at the top, or you can select one from the drop-down menu.

3. Under Link Your <IdP Name> Identities, enter the following under General Details:
   • Name: A unique name for this IdP connection (e.g., "Corp IdP Connection").
   • Domain: Select the domain associated with the tenant for this connection from the drop-down list. This list is generated from the domains associated with your ZIdentity account.
   • Login Id Attribute: Enter the attribute from your IdP that will be used as the ZIdentity login ID.
4. Select the protocol for your IdP, either OIDC or SAML then complete the information to retrieve the metadata:
   • OIDC Connection

     • Redirect URI: Filled in automatically. Your unique URI to log into Zscaler.
     • Client ID: Enter ID to log in to the IdP.
     • Client Secret: Enter the secret associated with the client ID.
     • Metadata URL: Enter the URL to retrieve metadata on your IdP.

     Close
   • SAML Connection

     • SP Entity ID: Filled in automatically. Your unique entity identifier on Zscaler as the service provider.
     • SP URL: Filled in automatically. Your unique URL to access Zscaler as the service provider.
     • Metadata URL: Enter the URL to retrieve metadata on your IdP.

     Close
5. Click Fetch next to the Metadata URL box. Zscaler retrieves the metadata information required to connect your users. Depending on your protocol:
   • OIDC Connection

     Click Next to continue.

     Close
   • SAML Connection

     The following IdP information is displayed:

     • IdP Entity URL: The unique URL for this IdP entity.
     • IdP Single Sign-On URL: The SSO URL to which users are sent for authentication for this IdP.
     • IdP Certificate: The certificate used to verify the digital signature of the IdP.

     Review the information and click Next to continue.

     Close
6. Under Provisioning, click Generate Token to generate a bearer token, which is used by the IdP to connect to Zscaler. Click the toggle if you want to skip this step and disable SCIM provisioning. To learn more about SCIM provisioning, see Enabling SCIM for Identity Management.
7. Click Finish to link to your IdP and import your users.
8. When users are successfully imported, the Users page appears. From this page, you can add more users manually, edit them, or assign them to different roles. To learn more, see Editing Newly Onboarded Users.

If you want to remove all imported users from Zscaler, click the Disconnect <IdP Name> link at the top of the page. This action cannot be undone.

To learn more about SAML and OIDC configurations, see IdP Configuration.