Hi, we are using Zapp on Windows 10 devices to forward traffic to Zscaler. We use SAML for provisioning and authenticating users against our Microsoft ADFS service.
We use a custom MSI to provide SSO for the user using their Integrated Windows Authentication credentials so they never have to enter creds into the Zscaler app.
The issue we have is that users are added to AD groups regularly which we have Zscaler URL and cloud app rules for. Currently, to update the Zscaler user database so rules work correctly, we ask the user to log out of the Zapp to generate a new SAML assertion, which updates the Zscaler user database with the user’s updated groups; however, this doesn’t scale for a lot of users.
Best practice says to only authenticate once. If we changed this to daily or weekly, for example, does this work for Zapp users, or does this authentication frequency setting only apply to web browsers? Or is there another scalable way to regularly update the user database? Note we aren’t going to change from using SAML, ADFS or the Zscaler app. Thanks