The Zscaler service supports identity provider (IdP)-initiated SAML to authenticate administrators. The admin can log in to the Admin Portal directly from a Single Sign-On (SSO) provider's portal by clicking the Zscaler application icon. This feature also enables you to integrate admin authentication with your existing two-factor authentication solution.
Admins are not added through auto-provisioning. Rather, an admin must be added in the Admin Portal and can then use SAML authentication to log into it. The Zscaler service does provide a password authentication option for admins, but the Zscaler service recommends that admins use SAML authentication to log in to the Admin Portal. However, the service also recommends that you have at least one super admin with password authentication enabled to ensure an admin can still access the Admin Portal if SAML servers external to the Zscaler service become unreachable. The Zscaler service supports SAML 2.0 and above.
To configure SAML SSO for admins in the Zscaler Admin Portal:
Following are guides for configuring admin SAML SSO with specific IdPs.
When configuring other IdPs, the following information might be required:
Replace <Zscaler Cloud> with the name of the cloud on which your organization is provisioned. To learn more, see What is my cloud name?