Zscaler Cloud
Zscaler Portal Cloud configuration
- Go to Authentication Settings:
https://admin.zscloud.net/#administration/auth-settings
- In the field Authentication Type, select SAML
- Click on Configure SAML
- In the field Login Name Attribute write: NameID
  Note: the default NameID is the user's email.
  If you want to use the UPN instead, enter the following script line in the Custom scripting field of the Trustelem application (see below for a complete example):

```typescript
function CustomSAMLResponse(msg: SAMLResponse, user: User, groups: Groups, deny: Deny): void {
  // Send the user's UPN as the SAML NameID instead of the default email
  msg.setNameID(user.upn);
}
```

- In the field SAML Portal URL write:
https://mydomain.trustelem.com/app/18XXXX/sso
- In Public SSL Certificate, upload the certificate of your Trustelem application
- Turn OFF both Enable SCIM-Based Provisioning and Sign SAML Request
If you want to turn ON the SAML Auto-Provisioning function:
- In Zscaler, activate SAML Auto-Provisioning and enter the following attributes:
  - User Display Name Attribute: displayName
  - Group Name Attribute: groups
  - Department Name Attribute: department
- In the Custom scripting field of the Trustelem application, write:

```typescript
function CustomSAMLResponse(msg: SAMLResponse, user: User, groups: Groups, deny: Deny): void {
  // Attribute names must match the ones entered in Zscaler above
  msg.setAttr('displayName', user.firstname + ' ' + user.lastname);
  // One addAttr call per group value
  msg.addAttr('groups', 'group1');
  msg.addAttr('groups', 'group2');
  msg.addAttr('groups', 'groupX');
  msg.setAttr('department', 'my_department');
}
```

Note: instead of the constants "groupX" and "my_department", you can use the user's other attributes.
For instance, if you want to use the Trustelem group attribute:

```typescript
// Inside CustomSAMLResponse: add every Trustelem group name of the user
for (let name in groups) {
  msg.addAttr('groups', name);
}
```

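A dry run of the script described above, as an added example that is not Trustelem's or Zscaler's own code: it combines the UPN NameID with the auto-provisioning attributes and forwards only the groups on an allowlist, so unrelated Trustelem group names are not sent to Zscaler. The stand-in `SAMLResponse`, `User`, `Groups` and `Deny` types, the `ZSCALER_GROUPS` allowlist, the `dryRun` helper and all sample values are assumptions made for local testing.

```typescript
// Stand-in types for a local dry run. ASSUMPTION: they only mirror the members
// used on this page (setNameID, setAttr, addAttr, upn, firstname, lastname)
// and are not Trustelem's real classes.
interface User { upn: string; firstname: string; lastname: string; }
type Groups = { [name: string]: unknown };
type Deny = unknown;

class SAMLResponse {
  nameID = '';
  attrs: { [key: string]: string[] } = {};
  setNameID(value: string): void { this.nameID = value; }
  // Assumed semantics: setAttr replaces the value, addAttr appends one.
  setAttr(key: string, value: string): void { this.attrs[key] = [value]; }
  addAttr(key: string, value: string): void {
    (this.attrs[key] = this.attrs[key] || []).push(value);
  }
}

// Hypothetical allowlist: only these Trustelem groups are sent to Zscaler.
const ZSCALER_GROUPS: string[] = ['zscaler-users', 'zscaler-admins'];

// Script body assembled from the page's snippets, plus the allowlist filter.
function CustomSAMLResponse(msg: SAMLResponse, user: User, groups: Groups, deny: Deny): void {
  msg.setNameID(user.upn);
  msg.setAttr('displayName', user.firstname + ' ' + user.lastname);
  for (let name in groups) {
    if (ZSCALER_GROUPS.indexOf(name) !== -1) {
      msg.addAttr('groups', name);
    }
  }
  msg.setAttr('department', 'my_department');
}

// Dry run with a constructed user and constructed group names, to inspect
// what the assertion would carry before enabling auto-provisioning.
function dryRun(): SAMLResponse {
  const msg = new SAMLResponse();
  const user: User = { upn: 'alice@example.com', firstname: 'Alice', lastname: 'Martin' };
  const groups: Groups = { 'zscaler-users': {}, 'hr-payroll': {}, 'vpn': {} };
  CustomSAMLResponse(msg, user, groups, undefined);
  return msg;
}
```

Only the `CustomSAMLResponse` function and the allowlist constant belong in the Custom scripting field; the stand-in types and `dryRun` exist only for checking the output locally.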
Here is a complete example of custom scripting: