Page created: 16 Apr 2020 | Page updated: 8 Feb 2022
To allow PingFederate to handle single sign-on (SSO) to Zscaler Private Access, create a service provider (SP) connection.
Note: You can follow these steps to create a new SP connection, or you can modify your provisioning connection.
- In the PingFederate administrator console, configure the data store that PingFederate will use as the source of user data. For instructions, see Datastores in the PingFederate documentation.
- On the Identity Provider tab, in the SP Connections area, open an existing connection or create a new one as follows:
  - Click Create new.
  - On the Connection Template tab, select Use a template for this connection.
  - In the Connection Template list, select Zscaler ZPA Connector.
  - Click Choose File, select the sp_metadata.xml file that you downloaded in Enabling provisioning and single sign-on in Zscaler, and then click Open. Click Next.
- On the Connection Type tab, select Browser SSO Profiles and clear any unwanted types. Click Next.
- On the General Info tab, the basic connection information is populated by the metadata XML file. Click Next.
- On the Browser SSO tab, configure browser SSO. For a complete guide, see Configuring IdP Browser SSO in the PingFederate documentation.
  - On the Browser SSO > SAML Profiles tab, select only IdP-Initiated SSO and SP-Initiated SSO.
  - On the Browser SSO > Protocol Settings > Allowable SAML Bindings tab, select only POST.
  - On the Browser SSO > Protocol Settings > Signature Policy tab, select Always sign assertion.
- On the Credentials tab, configure the connection credentials. Click Next. For a complete guide, see Configuring credentials in the PingFederate documentation.
  - On the Credentials > Signature Verification Settings > Signature Verification Certificate tab, click Manage Certificates and import the certificate that you downloaded in Enabling provisioning and single sign-on in Zscaler.
- On the Activation and Summary tab, above the Summary section, turn on the connection. Click Save.
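
Before you upload sp_metadata.xml, you can check it against the settings chosen in the steps above (POST binding only, signed assertions, a certificate to import). The following script is an added example, not code from Ping Identity or Zscaler; the function name `review_sp_metadata` is hypothetical, and the sample metadata is constructed with placeholder URLs and a placeholder certificate body.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD, "ds": "http://www.w3.org/2000/09/xmldsig#"}
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample metadata: placeholder entity ID, URLs and certificate body.
SAMPLE = f"""<md:EntityDescriptor xmlns:md="{MD}" xmlns:ds="{NS['ds']}"
    entityID="https://sp.example.invalid/metadata">
  <md:SPSSODescriptor WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>PLACEHOLDERBASE64</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:AssertionConsumerService index="0" Binding="{POST}"
        Location="https://sp.example.invalid/acs"/>
    <md:AssertionConsumerService index="1" Location="http://sp.example.invalid/acs"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def review_sp_metadata(xml_text):
    """Return (summary, findings) for SAML 2.0 SP metadata."""
    # Stdlib parser; for files from an untrusted source, parse with defusedxml instead.
    root = ET.fromstring(xml_text)
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        raise ValueError("no SPSSODescriptor: not SP metadata")
    acs = [(e.get("Binding", ""), e.get("Location", ""))
           for e in sp.findall("md:AssertionConsumerService", NS)]
    # A KeyDescriptor without a 'use' attribute covers signing and encryption.
    signing = [k for k in sp.findall("md:KeyDescriptor", NS)
               if k.get("use", "signing") == "signing"
               and k.findtext(".//ds:X509Certificate", "", NS).strip()]
    findings = []
    if not any(b == POST for b, _ in acs):
        findings.append("no HTTP-POST AssertionConsumerService")
    for b, loc in acs:
        if b != POST:
            findings.append("non-POST ACS binding offered: " + b.rsplit(":", 1)[-1])
        if not loc.lower().startswith("https://"):
            findings.append("ACS location is not HTTPS: " + loc)
    if sp.get("WantAssertionsSigned", "false").lower() not in ("true", "1"):
        findings.append("metadata does not declare WantAssertionsSigned")
    if not signing:
        findings.append("no signing certificate in metadata")
    summary = {"entity_id": root.get("entityID"), "acs": acs, "signing_certs": len(signing)}
    return summary, findings
```

An empty findings list means the metadata is consistent with the POST-only, signed-assertion connection configured above. Compare `entity_id` and the ACS location with the values shown on the General Info tab after import.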