If you configure the Zscaler Client Connector Portal as your identity provider (IdP), users automatically enroll with Zscaler Client Connector. Users and their devices authenticate using a device token generated in the Zscaler Client Connector Portal. Adding the Zscaler Client Connector Portal as an IdP in the ZIA Admin Portal is one of the tasks you must complete when configuring the Zscaler Client Connector Portal as your IdP. To learn more, see Using the Zscaler Client Connector Portal as an Identity Provider.

To add the Zscaler Client Connector Portal as an IdP, you must disable SAML auto-provisioning for your existing IdP or change the User Repository Type to Hosted DB on the Authentication Profile page.

This authentication method only works with Zscaler Client Connector.

To add the Zscaler Client Connector Portal as the IdP in the ZIA Admin Portal:

1. Go to Administration > Authentication Settings.
2. Click the Identity Providers tab.
3. Click Add Zscaler Client Connector Portal as IdP.

The Add Zscaler Client Connector Portal as IdP window appears.

4. In the Add Zscaler Client Connector Portal as IdP window:
   • Authentication Domains: Select Any to map all domains to the Zscaler Client Connector Portal or select specific domains. This allows the Zscaler Client Connector Portal to authenticate an incoming user. Any unselected domains will be mapped to the default IdP. Apart from the default IdP, any additional IdPs must be mapped to at least one domain.
   • Status: Enable or Disable the IdP.
   • Enable SAML Auto-Provisioning: Enable to provision users on the Zscaler service.

See image.

5. Click Save to exit the window.
6. Click Save and activate the change.