Disabled SSO for Zscaler desktop application

My group has run into an issue where we have Single Sign-on enabled, and one of our groups need to use Zscaler in order to connect to our customer’s infrastructure. When Zscaler is opened, the user is putting in his Customer username. Once he clicks on the Zcloud option, the following error appears:

User Account “Useremail@ourdomain.com” from identity provider “URL” does not exist in tenant "Customer’s tenant and can not access the application zscloud(Zscaler) in that tenant.

I’ve come across a few suggested solutions on the Zscaler forums, but none have worked thus far.
The first I tried was the solution found here: Zscaler App login issue -- uses my infosys when given with my client account
This thread suggested adding the user’s customer email to Emails and accounts; however this was already in place. Sadly this did NOT resolve my coworkers issue. Once this failed I reached out to the customer’s IT group since they’re more familiar with Zscaler.
The customer’s IT group suggested turning off Single Sign-on on the system, but nothing I’ve done thus far has resolved the issue.
I’ve also turned off Sync’ing in both Edge and Chrome (win10 accounts chrome ext), I’ve gone into internet options and set it so that the user should be prompted for username and password for both internet and local security settings, I’ve disabled the option for “Don’t prompt for client cert selection…” as suggested in another forum thread, in the advanced tab of internet options I’ve turned off “Enable Integrated Windows Auth.”

I know with other applications there are usually registry entries that can be set to disable SSO for that particular application while the rest of the system would still be able to use SSO, but if this exists for Zscaler I’m assuming it would need to be created as a new DWord.
As you can tell, I’m grasping at straws trying to resolve my coworkers issue with Zscaler so he can start working… Any advice or suggestions on this matter, any guidance would be appreciated.

I’m hoping to have a meeting with the customer’s IT dept. to resolve this issue, but i’ve had difficulties trying to even get a response from them so far…

This is the Forum Thread that I pulled the URL from my initial post.

I’m receiving an error when trying to post more URL’s to other Zscaler forum posts that talked about this subject but the other suggestion I mentioned above suggests this:

In Internet Explorer, go to the Tools -> Internet Options -> Advanced tab and uncheck the “Enable Integrated Windows Authentication” check-box
Next, switch to the security tab and click Local Intranet -> Custom Level and select “Prompt for user name and password” (under User Authentication, Logon)

This was done but did NOT resolve my issue. I wanted to add this in case it helps someone else with a similar issue in the future.

Hi Marty,

This can be resolved when you go to “Email and Accounts” and add your zscaler login account here using option available “Add a work or school account”.

Note: In order to see this Add a work or school account option, you have to be on Win 10 build version 1903 & above.

Once you add account, you should see zscaler throwing you option to select account which you want to use for Zscaler app login
Thanks
Sumanth D

1 Like

Please re-read what I had posted. This was already done and we’re still experiencing this issue.

you mentioned like you have changed settings on your IE browser settings. I was talking about windows settings.

Sounds like I’ll have to edit my initial post to better clarify. Before I adjusted the settings in Internet option, I had found your thread asking about the same issue and the resolution was to go into Windows settings > Accounts, etc… When that failed for my user is when I went to other possible solutions.

Apologies if my previous message came back a touch rude. It was not my intent.

So even though the user’s account with our customer was already in place, removing the account and then adding it back after Zscaler was installed onto the system resolved our issue.

sumanthdandaboina’s suggestion does work, but it only seems to have worked, for us, when the account was added to Emails and Accounts as a Work or School account after Zscaler has already been installed.

2 Likes