On-prem Active Directory integration with Zscaler cloud ZIA

Hello Team, one of our new customers is going to integrate on-prem AD with the Zscaler cloud. Please confirm the steps below.

AD prerequisites
We need to NAT the AD server IP
Need one read-only administrator

On the Zscaler side,
We need to enter the directory server IP address. In that box, do we need to enter the NAT IP address or the AD private IP address? Please confirm.

I need to integrate a particular OU. Please share your thoughts.

If I missed any points, please share.

I haven't done this personally, and I am still learning the Zscaler architecture. If I am not mistaken, for internal traffic forwarding, set up a GRE tunnel from your switch/firewall to Zscaler. Create an IP SLA to monitor the health as well.

And then use AD for user authentication if you wish, or do something with Azure AD for SAML (which would be ideal).

Maybe someone else has a step-by-step guide or some "gotchas" along the way. Would love to learn more myself on this integration!

I am following the ADFS integration with the Zscaler cloud. It seems to be good. Thanks for the reply.
SAML Configuration Guide for AD FS 3.0 | Zscaler

Thanks for the reply. We have successfully done the ADFS integration with the Zscaler cloud proxy.