To allow PingFederate to handle single sign-on (SSO) to Zscaler Private Access, create a service provider (SP) connection.
- In the PingFederate administrator console, configure the data store that PingFederate will use as the source of user data. For instructions, see Datastores in the PingFederate documentation.
On the Identity Provider tab, in the SP Connections area, open an existing connection or create a new one as
- Click Create new.
- On the Connection Template tab, select Use a template for this connection.
- In the Connection Template list, select Zscaler ZPA Connector.
- Click Choose File, select the sp_metadata.xml file that you downloaded in Enabling provisioning and single sign-on in Zscaler, and then click Open. Click Next.
- On the Connection Type tab, select Browser SSO Profiles and clear any unwanted types. Click Next.
- On the General Info tab, the basic connection information is populated by the metadata XML file. Click Next.
On the Browser SSO tab, configure browser SSO.
For a complete guide, see Configuring IdP Browser SSO in the PingFederate documentation.
- On the tab, select only IdP-Initiated SSO and SP-Initiated SSO.
- On the tab, select only POST.
- On the tab, select Always sign assertion.
On the Credentials tab, configure the connection credentials. Click Next.
For a complete guide, see Configuring credentials in the PingFederate documentation.
- On the tab, click Manage Certificates and import the certificate that you downloaded in Enabling provisioning and single sign-on in Zscaler.
- On the Activation and Summary tab, above the Summary section, turn on the connection. Click Save.
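Before uploading sp_metadata.xml, it can be checked against the choices made in this procedure (POST binding, signed assertions, the certificate to import). The following is an added example, not code from the PingFederate or Zscaler documentation; the sample metadata, entity ID, URL and certificate bytes are constructed placeholders, and `check_sp_metadata` is a hypothetical helper name.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed stand-in for sp_metadata.xml: entity ID, URL and certificate
# bytes are placeholders, not real Zscaler values.
SAMPLE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://sp.example.com/metadata">
  <md:SPSSODescriptor WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>Q09OU1RSVUNURUQ=</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.com/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def check_sp_metadata(xml_text):
    """Return (findings, SHA-256 fingerprints of the SP signing certificates)."""
    if "<!DOCTYPE" in xml_text:  # SAML metadata never needs a DTD; refuse it
        raise ValueError("DOCTYPE found in SAML metadata")
    sp = ET.fromstring(xml_text).find("md:SPSSODescriptor", NS)
    if sp is None:
        raise ValueError("no SPSSODescriptor: this is not SP metadata")
    findings, prints = [], []
    acs = sp.findall("md:AssertionConsumerService", NS)
    if not any(a.get("Binding") == POST for a in acs):
        findings.append("no HTTP-POST AssertionConsumerService")
    for a in acs:
        if not a.get("Location", "").startswith("https://"):
            findings.append("ACS Location is not https: " + a.get("Location", ""))
    if sp.get("WantAssertionsSigned", "false").lower() not in ("true", "1"):
        findings.append("WantAssertionsSigned is not set by the SP")
    for kd in sp.findall("md:KeyDescriptor", NS):
        if kd.get("use") not in (None, "signing"):
            continue  # skip encryption-only keys
        for c in kd.iterfind(".//ds:X509Certificate", NS):
            der = base64.b64decode("".join((c.text or "").split()))
            prints.append(hashlib.sha256(der).hexdigest())
    if not prints:
        findings.append("no signing certificate in metadata")
    return findings, prints
```

Compare the returned fingerprint with the SHA-256 fingerprint shown for the certificate imported under Manage Certificates; a mismatch means the metadata and the certificate file came from different downloads.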