Zscaler Cloud

Zscaler Portal Cloud configuration

• Go to Authentication Settings:

https://admin.zscloud.net/#administration/auth-settings

• In the field Authentication Type select SAML

• Click on Configure SAML

  • In the field Login Name Attribute write: NameID
    Note: the default NameID is the user's email.
    If you want to use the upn instead, enter the following script line in Trustelem application Custom scripting field (see below for a complete example):

 function CustomSAMLResponse(msg: SAMLResponse, user: User, groups: Groups, deny: Deny): void {
    msg.setNameID(user.upn);
 }

• In the field SAML Portal URL write:

https://mydomain.trustelem.com/app/18XXXX/sso

• In Public SSL Certificate, upload the certificate of your Trustelem application

• Turn OFF both Enable SCIM-Based Provisioning and Sign SAML Request

If you want to turn ON the SAML Auto-Provisioning function

• In Zscaler, activate SAML Auto-Provisioning and enter the following attributes:

  • User Display Name Attribute : displayName
  • Group Name Attribute : groups
  • Department Name Attribute : department

• In Trustelem application Custom scripting field, write:

  function CustomSAMLResponse(msg: SAMLResponse, user: User, groups: Groups, deny: Deny): void {
    msg.setAttr('displayName', user.firstname + ' ' + user.lastname);
    msg.addAttr('groups', 'group1');
    msg.addAttr('groups', 'group2');
    msg.addAttr('groups', 'groupX');
    msg.setAttr('department', 'my_department');
  }

Note: instead of the constants "groupX" and "my_department", you can use other user's attributes.
For instance if you want to use Trustelem group attribute:

  for (let name  in groups){
    msg.addAttr('groups', name);
  }

Here is a complete example of custom scripting: