SSO with Azure ZScloud app

I am planning to cutover our user provisioning service from OKTA to Azure. We run an on-prem AD which users are synced to Azure. I am intending to configure Zscaler provisioning to use SCIM (with SAML disabled)
I have a few questions regarding using the ZScloud Azure app for authentication.

  1. The setup guides talk about creating user attributes and claims and defining role groups. If use SCIM provisioning, some documentation mentions that these steps are not required, can anyone confirm?

  2. SSO. Several articles mention having the user “click the Zscaler app” to login, - we need this login to be seamless and automatic, we do not want users to have to initiate anything to access Zscaler. Can someone pls confirm that when a user opens their browser, that the authentication is automatically offloaded to Azure and passed though seamlessly.


To answer point 1 - No need to create claim groups if you are suing SCIM. Same groups names can auto provision in zscaler.
If SSO is enabled, the authentication will be seamless. .

Thanks, just to clarify the statement “If SSO is enabled” is this referring to any specific setting?


SSO - single sign on to be enabled on the idp. If you are using zapp you need to customize the app during installation. The cloud name and domain name attributes to be modified during installation.

Ramesh M