Skip to main content

Zscaler Cloud

Zscaler Portal Cloud configuration

  • Go to Authentication Settings:
https://admin.zscloud.net/#administration/auth-settings
  • In the field Authentication Type select SAML

  • Click on Configure SAML

    • In the field Login Name Attribute write: NameID
      Note: the default NameID is the user's email.
      If you want to use the upn instead, enter the following script line in Trustelem application Custom scripting field (see below for a complete example):
 function CustomSAMLResponse(msg: SAMLResponse, user: User, groups: Groups, deny: Deny): void {
    msg.setNameID(user.upn);
 }
  • In the field SAML Portal URL write:
https://mydomain.trustelem.com/app/18XXXX/sso
  • In Public SSL Certificate, upload the certificate of your Trustelem application

  • Turn OFF both Enable SCIM-Based Provisioning and Sign SAML Request

If you want to turn ON the SAML Auto-Provisioning function

  • In Zscaler, activate SAML Auto-Provisioning and enter the following attributes:

    • User Display Name Attribute : displayName
    • Group Name Attribute : groups
    • Department Name Attribute : department
  • In Trustelem application Custom scripting field, write:

  function CustomSAMLResponse(msg: SAMLResponse, user: User, groups: Groups, deny: Deny): void {
    msg.setAttr('displayName', user.firstname + ' ' + user.lastname);
    msg.addAttr('groups', 'group1');
    msg.addAttr('groups', 'group2');
    msg.addAttr('groups', 'groupX');
    msg.setAttr('department', 'my_department');
  }

Note: instead of the constants "groupX" and "my_department", you can use other user's attributes.
For instance if you want to use Trustelem group attribute:

  for (let name  in groups){
    msg.addAttr('groups', name);
  }

Here is a complete example of custom scripting:

zscaler_custom_script.PNG