ZIA Client Connector Auth via Azure SSO Question

bsmithAMP · March 22, 2023, 11:52pm

Hello all,

Before I get started down this road, I’d like to verify if this is possible.
Recently I set up our ZScaler Admins to SSO via Azure and it works great (we have on-prem AD and Azure AD sync). Now I’d like to do that with Client Connector users. What I’m after is for the Client Connector authentication to be completely seamless and transparent to the end user. We have machines that multiple users will log into during the day and I’d like their Client Connector sessions to automatically authenticate based upon their Windows authentication. I don’t want my end users interacting with the agent at all.

Is that something that works out there?

Thanks in advance!

mryan · March 23, 2023, 3:21pm

Yes. Provided Azure SSO works in the browser, it’ll work for ZCC.
For example - Azure using password hash sync, and hybrid joined device, will receive a PRT when the user logs on. This will be passed during Zscaler SSO to login.microsoftonline.com, and the user transparently authenticated.

Example video is here Azure SAML Managed vs unmanaged - YouTube - but this is also doing MFA for unmanaged devices.

bsmithAMP · March 29, 2023, 9:39pm

Thanks for your reply, much appreciated!