1. In the PingFederate administrator console, create a new SP connection:
    • For PingFederate 10.1 or later: go to Applications > Integration > SP Connections. Click Create Connection.
    • For PingFederate 10.0 or earlier: go to Identity Provider > SP Connections. Click Create Connection.
  2. Configure the basic connection details with the Zscaler Internet Access quick connection template:
    1. On the Connection Template tab, select Use a template for this connection.
    2. In the Connection Template list, select Zscaler ZIA Provisioner.
    3. In the Metadata File row, upload the zscaler-metadata.xml file that you saved in Getting SAML details from Zscaler. Click Next.
    4. On the Connection Type tab, select only Outbound Provisioning. Click Next.
    5. On the General Info tab, in the Connection Name field, enter a name for the connection. Click Next.
  3. On the Outbound Provisioning tab, configure provisioning, as shown in Configuring outbound provisioning in the PingFederate documentation, with the following details:
    1. On the Target page, enter the Base URL and Bearer Token values that you noted in Getting a base URL and bearer token from Zscaler.
      Note:

      PingFederate verifies the access token when you activate the channel and SP connection.

    2. Optional: In the Provisioning Options section, customize the provisioning connector actions as shown in Provisioning options reference. Click Next.
    3. On the Manage Channels page, create a channel as shown in Managing channels in the PingFederate documentation. Click Done.
    Note:

    For more information about the attributes available in your channel configuration, see Supported attributes reference.

    1. On the Outbound Provisioning tab, click Next.
  4. On the Activation and Summary tab, above the Summary section, click the toggle to turn on the connection. Click Save.