My group has run into an issue where we have Single Sign-on enabled, and one of our groups need to use Zscaler in order to connect to our customer’s infrastructure. When Zscaler is opened, the user is putting in his Customer username. Once he clicks on the Zcloud option, the following error appears:
User Account “Useremail@ourdomain.com” from identity provider “URL” does not exist in tenant "Customer’s tenant and can not access the application zscloud(Zscaler) in that tenant.
I’ve come across a few suggested solutions on the Zscaler forums, but none have worked thus far.
The first I tried was the solution found here: Zscaler App login issue -- uses my infosys when given with my client account
This thread suggested adding the user’s customer email to Emails and accounts; however this was already in place. Sadly this did NOT resolve my coworkers issue. Once this failed I reached out to the customer’s IT group since they’re more familiar with Zscaler.
The customer’s IT group suggested turning off Single Sign-on on the system, but nothing I’ve done thus far has resolved the issue.
I’ve also turned off Sync’ing in both Edge and Chrome (win10 accounts chrome ext), I’ve gone into internet options and set it so that the user should be prompted for username and password for both internet and local security settings, I’ve disabled the option for “Don’t prompt for client cert selection…” as suggested in another forum thread, in the advanced tab of internet options I’ve turned off “Enable Integrated Windows Auth.”
I know with other applications there are usually registry entries that can be set to disable SSO for that particular application while the rest of the system would still be able to use SSO, but if this exists for Zscaler I’m assuming it would need to be created as a new DWord.
As you can tell, I’m grasping at straws trying to resolve my coworkers issue with Zscaler so he can start working… Any advice or suggestions on this matter, any guidance would be appreciated.
I’m hoping to have a meeting with the customer’s IT dept. to resolve this issue, but i’ve had difficulties trying to even get a response from them so far…