Automatic de-provisioning of users while using Okta as IDP and SAML auto-provisioning

saml
zia

(Shujaat Ali Jaffrey) #1

Requirement:

  • Automatically de-provision users on Zscaler when user is de-activated/removed at customer end.

Solution:

  • If you are using Okta as IDP, users can be automatically deleted on Zscaler once user is removed in Okta.

  • Please refer below article for configuration steps in Okta.
    https://saml-doc.okta.com/Provisioning_Docs/Zscaler_Provisioning.html

  • The configuration helps only if the user is deprovisioned in Okta i.e.

    1. User un-assigned from Zscaler application in Okta
    2. User account in Okta is de-activated
    

Note: It does not help in updating user attribute changes.