Zscaler App tries to authenticate wrong tenant id

We instructed to install Zscaler app in 3rd party organization laptop to use ZPA as service in order to access our internal network in secure way. Both the organization uses Azure SSO as SAML IDP. When 3rd party user try to login Zapp with our UPN [user1@xxx.com], Zscaler app always picks the cached UPN credential [user1@yyy.com] from the laptop and throws error

user1@yyy.com from identity provider does not exist in tenant “XXX” and cannot access the application Zscaler.

a) is there way to force Zscaler app always use given UPN instead of looking for cached crdential

Ganesh Krishnan

1 Like

I have the same issue. Sometimes ZScaler works pretty well and let me pick the account from an option dialog (I have two accounts connected to my Windows 10 laptop - one which I use to log in the laptop and another one I must use in ZScaler – my customer site account).

But sometimes the ZScaler didn’t let me choose the account and I got stucked with that error about the wrong tenant id. I still didn’t understand what I can do to handle this problem in an effective way. Logout and login again in the Win10 makes no difference most of times. But sometimes helps. I already did a repair in the installation as well, the same.

I think its a bug in ZScaler. It should always show us the two accounts to pick. Another weird behaviour is the very first screen ask the email account, makes no difference in this process but should, since in that very first screen we already tell to ZScaler the proper email to use. No sense to keep stucked in use other than that we inform to.

I waste many hours of my work today stucked in this problem. In my case, my laptop didn’t accept local accounts, only company managed accounts so, no workaround on this for me. I was just log out and re-login again over and over until ZScaler decides to work as expected. :frowning: It’s frustrating.

Related solution but as discussed before sometimes is not effective: Zscaler App login issue -- uses my infosys when given with my client account

In my case, I had the two accounts proper configured in my Win10 and even in this case I got the (intermittent) problem:

A workaround is:

  1. open the Microsoft Edge (not the Google Chrome neither Mozilla Firefox)
  2. try to login in the outlook web
  3. logout if it’s already logged in the other service company domain
  4. log in using the service company domain you would like to use in ZScaler
  5. try the login at ZScaler again

Now the wrong tenant id message probably will not show up and you should be directed to the account switch screen inside the ZScaler app to pick an account.