For more information on setting up single sign-on (SSO), see Configuring SAML in the Zscaler Internet Access documentation.
  1. In PingFederate, export your signing certificate:
    1. Go to Security > Signing & Decryption Keys & Certificates.
    2. For the certificate that you want to use, in the Action column, click Export.
    3. On the Export Certificate tab, click Next.
    4. On the Export & Summary tab, click Export.
    5. Open the .crt file in a text editor and copy the contents.
    6. Rename the file extension to .pem.
  2. In Zscaler Internet Access, configure SAML:
    1. Go to Administration > Authentication > Authentication Settings.
    2. On the Authentication Profile tab, in the Authentication Type section, select SAML. Click Configure SAML.
      A screenshot that shows the Authentication Profile settings with SAML selected.
    3. In the SAML Portal URL field, enter your PingFederate SSO endpoint.

      For example, https://<pf_host>:<pf_port>/idp/SSO.saml2.

    4. In the Login Name Attribute field, enter the LDAP attribute that maps to the login name that users enter when they authentication with Zscaler Internet Access, such as NameID.
    5. In the Public SSL Certificate section, click Upload. Click Choose File, select the .pem file that you exported from PingFederate, and then click Upload.
    6. Click Save to exit the window.
    7. Click Save and activate the change as shown in Saving and Activating Changes in the Admin Portal in the Zscaler Internet Access documentation.