Has Anyone Migrated ZIA SSO from On Premises ADFS to Microsoft Azure Active Directory?

Hello, we are attempting to migrate our business's existing ZIA SSO from an on-premises ADFS configuration to Microsoft Azure Cloud Active Directory. With suggestions from support, we worked through the help documentation they provided and configured the attributes and claims with Microsoft Graph in our Microsoft Azure Active Directory portal, but are still not getting successful authentication. When Microsoft Azure Active Directory is enabled as an IDP, any user that authenticates loses their Groups and Department settings in “User Management”, which means they are then not filtered by ZIA. We have checked the configuration several times in the Zscaler IDP configuration and in Microsoft Azure Active Directory, and both seem correct. It is as if some of the claims are not being passed, but none of us are experts in this to be able to determine what the problem is.

Has anyone in the community made a ZIA IDP change from on-premises Microsoft ADFS to Microsoft Azure Active Directory and can offer some insight into how their change went?

Thanks in advance,


Hi @PaulAtWork, welcome to the Zscaler Community!

As part of your migration, have you considered SCIM for mapping in the group membership? About SCIM | Zscaler

This is generally more straightforward to configure.