[ZIA] How to use on-premise ADFS for authentication

Hi all, I am a newbie to Zscaler and just wonder how it integrates with on-premise ADFS for SAML authentication?

Should I do it via Zscaler Authentication Bridge (ZAB) or by GRE/IPSec tunnel?

I would be glad if anyone has a solution for it.

Thank you

Hi @simon29a,

Here you go.

Hi Pardeep, thank you for sharing. May I confirm that the communication between Zscaler and the on-premises ADFS is via GRE/IPSec tunnel? Many thanks

ADFS doesn’t need to communicate with Zscaler. But users should have reachability to ADFS.

Thanks Ramesh, sorry that I am not familiar with SAML. For mobile users to initiate SAML authentication to ZIA/ZPA, does this mean ADFS should be exposed to the Internet?

Yes, for anything but Windows PCs ADFS must be exposed to the Internet.