Zscaler App login issue -- uses my infosys when given with my client account

Client Connector
,
#1

When logging in to the Zscaler app installed on my Companies machine, it is picking my company account instead of taking my client account which am trying to use when logging in…

I clearly give my client email id and hit login, but it will automatically pick my Infosys account and throw me AD error —AADSTS50177: User account ‘**********@ad.infosys.com’ from identity provider ‘https://sts.windows.net/63ce7d59-2f3e-42cd-a8cc-be764cff5eb6/’ does not exist in tenant ‘XX’ and cannot access the application ‘zscloud.net’(Zscaler) in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account…

Is this happened to anyone?

1 Like
Disabled SSO for Zscaler desktop application
Disabled SSO for Zscaler desktop application
#2

Hi @sumanthdandaboina, I can think of a few things that may be happening here, but all will require more diagnostics. Do you have a support ticket open, they are best poised to help you resolve this?

1 Like
#3

Hey @skottieb I already opened it. go an advice that i have add my company domain as a tenant in our client Azure in order to accept this. OR i have to wait until April where Zscaler planned to release new update where it will support multi domains.
ticket # 02338424 for reference

#4

For users with multiple Azure AD identities, when zScaler requests an identity ticket, is there a way to “hint” to the user’s browser which identity provider it should retrieve the identity ticket from? Today it looks like my browser is simply sending whatever identity I used last, which is often not the identity that the zScaler is looking for.

#5

IIRC adding whr=<userdomain.com> to the IDP config url should get AAD select the correct tenant.

#6

Is there any solution for this issue as I am also facing the same issue, It is directly taking my company O365 login instead of customer login and show the same error.

#7

we are also facing same issue is there any solution identified .

Zscaler App tries to authenticate wrong tenant id
#8

Found solution,
You have to add your Client email account under “email & app accounts” which will resolve the issue. Once you add client account there, it will start prompting to select which account to use everywhere where ever Azure authentication is present.

Note: This option to add client email account is only available from OS Build version 1809 & 1909 versions.

#9

thank you so much it’s worked but unable to configured both Tenant O365 ID under " Add a Work or School Account " option , Tested build version 1909

#10

you can configure it. this will not make any difference… we are only adding Emil account here. Only microsoft O365 apps will be using this client ID you added.

#11

Sometimes this solution didn’t work, seems an intermittent problem, see: Zscaler App tries to authenticate wrong tenant id

#12

Yes… Microsoft behavior is unpredictable… No answer from them as well when this is asked for them…

Zscaler Facebook  Linkdin  Zscaler Twitter  Zscaler Youtube  Zscaler Blogs
 

Copyright 2008-2020 Zscaler™, Inc.Zscaler™, SHIFT™, Direct-to-Cloud™, ZPA™, and The Cloud-First Architect™ are trademarks or registered trademarks of Zscaler, Inc.in the United States and/or other countries. All other trademarks are the property of their respective owners.