zScaler App Seamless ADFS Auth


(Khan) #1

Hi,

I got the ADFS seamless auth working for internal organizational users. The off-network users (employees taking their laptops home) still need to be authenticated and enforced via zScaler.

What is the best way to make zScaler App authenticate seamlessly with ADFS for off-network users?

I noticed that if the laptop is on the network and zAP authenticates, then it works off-network as well unless the user explicitly logs out of the app. Restart of the app still retains the credential information.

Is that expected behaviour?

Regards


(Jones Leung) #2

Hi Cash,

Would you double check, without Zapp, when you access the ADFS test URL (https:///adfs/ls/idpinitiatedsignon.htm) from a browser, is the auth transparent and seamless?

Zapp leverages ADFS for auth in your case, and we need to make sure the ADFS auth process is seamless for Zapp to resuse.

Best Regards,

Jones Leung

SE Manager, Greater China

Zscaler, Inc


(Khan) #3

Thanks Jones for the reply.

Without Zapp, I get presented with a login page from our ADFS server, which I believe is expected behavior as the user is off-network with no access to domain controllers.

Regards
C


(Jones Leung) #4

I see.

Even users are outside the office, the saml auth can still be a transparent one. If the saml auth is transparent when user is outside the office, even will be able to inherit it.

Suggest you to check if it is by design that the adfs auth is not transparent when user is outside the office. E.g. if user will do saml auth with adfs proxy (which is not domain joined according to MSFT recommendation) instead of with adfs server itself directly (which is domain joined), the auth will be non transparent.