Registering PingFederate as an identity provider in Zscaler
Export your PingFederate signing certificate and use it to configure SAML in Zscaler Internet Access.
About this task
For more information on setting up single sign-on (SSO), see Configuring SAML in the Zscaler Internet Access documentation.
Steps
- In PingFederate, export your signing certificate:
  - Go to Security → Signing & Decryption Keys & Certificates.
  - For the certificate that you want to use, in the Action column, click Export.
  - On the Export Certificate tab, click Next.
  - On the Export & Summary tab, click Export.
  - Open the .crt file in a text editor and copy the contents.
  - Rename the file extension to .pem.
- In Zscaler Internet Access, configure SAML:
  - Go to Administration → Authentication → Authentication Settings.
  - On the Authentication Profile tab, in the Authentication Type section, select SAML. Click Configure SAML.
  - In the SAML Portal URL field, enter your PingFederate SSO endpoint. For example, https://<pf_host>:<pf_port>/idp/SSO.saml2.
  - In the Login Name Attribute field, enter the LDAP attribute that maps to the login name that users enter when they authenticate with Zscaler Internet Access, such as NameID.
  - In the Public SSL Certificate section, click Upload. Click Choose File, select the .pem file that you exported from PingFederate, and then click Upload.
  - Click Save to exit the window.
  - Click Save and activate the change as shown in Saving and Activating Changes in the Admin Portal in the Zscaler Internet Access documentation.
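Renaming the exported file to .pem changes only the extension, so it is worth confirming before the upload that the file really is a single PEM-encoded certificate with no private key in it. The following check is an added example, not part of the PingFederate or Zscaler documentation; the function name `inspect_export` and the sample data are assumptions made for illustration.

```python
import base64
import hashlib
import re

# Matches a PEM block and captures its label and base64 body.
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)


def inspect_export(data: bytes) -> dict:
    """Check an exported certificate file before it is renamed to .pem."""
    if b"-----BEGIN " not in data:
        # Renaming a binary (DER) file does not make it PEM.
        return {"ok": False, "reason": "no PEM armor (binary/DER export?)"}
    if b"PRIVATE KEY-----" in data:
        # Only the public certificate belongs on the service provider side.
        return {"ok": False, "reason": "file contains a private key"}
    blocks = PEM_BLOCK.findall(data.decode("ascii", errors="replace"))
    certs = [body for label, body in blocks if label == "CERTIFICATE"]
    if len(certs) != 1:
        return {"ok": False, "reason": f"expected 1 certificate, found {len(certs)}"}
    try:
        der = base64.b64decode("".join(certs[0].split()), validate=True)
    except ValueError:
        return {"ok": False, "reason": "certificate body is not valid base64"}
    if not der.startswith(b"\x30"):
        # Sanity check only: an X.509 certificate is a DER SEQUENCE (tag 0x30).
        return {"ok": False, "reason": "decoded body is not a DER SEQUENCE"}
    digest = hashlib.sha256(der).hexdigest().upper()
    fingerprint = ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))
    return {"ok": True, "sha256": fingerprint}


# Constructed sample: a tiny DER SEQUENCE standing in for a real certificate.
SAMPLE_DER = b"\x30\x03\x02\x01\x01"
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n"
              + base64.b64encode(SAMPLE_DER)
              + b"\n-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    print(inspect_export(SAMPLE_PEM))   # accepted, with SHA-256 fingerprint
    print(inspect_export(SAMPLE_DER))   # rejected: no PEM armor
```

Run it against the bytes of the exported file and compare the returned SHA-256 fingerprint with the fingerprint of the certificate you intended to export.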