For more information about configuring Zscaler, see Configuring an IdP for Single Sign-On and Enabling SCIM for Identity Management in the Zscaler Private Access documentation.

  1. Sign onto Zscaler Private Access as an administrator.
  2. On the Administration → Authentication → Settings page, click Add IdP Configuration.
  3. On the Add IdP Configuration modal, on the IdP Information tab, complete the basic information. Click Next.
    Note: If you cannot select an authentication domain, contact Zscaler. For more information, see Configuring Authentication Settings in the Zscaler Private Access documentation.
  4. On the SP Metadata tab, click Download Metadata. Save the file as sp_metadata.xml.
  5. Click Download Certificate. You will use this in Creating a single sign-on connection. Click Next.
  6. On the Create IdP tab, complete the information from PingFederate.
    1. For the IdP Metadata File, upload the metadata.xml file that you exported in Exporting SAML metadata from PingFederate.
    2. For the IdP Certificate, upload your PingFederate signing certificate. For instructions, see Managing digital signing certificates and decryption keys in the PingFederate documentation.
    3. In the Single Sign-On URL field, enter your PingFederate single sign-on endpoint based on the following.

      https://pf_host:pf_port/idp/SSO.saml2

    4. In the IdP Entity ID field, enter the SAML 2.0 Entity ID that you created in Enabling single sign-on in PingFederate.
  7. In the SCIM section, configure SCIM provisioning. Click Save.
    1. For SCIM Sync, click Enable.
    2. Note the SCIM Service Provider Endpoint and Bearer Token. You will use these in Creating a provisioning connection.