We just changed IdP from ADFS to Azure AD. There's no problem authenticating users, nor with user and group provisioning, since we migrated to AAD with SCIM.
The problem is that firstname.lastname@example.org doesn't have members in the Zscaler local database. We're using on-prem AD groups which are synchronized to AAD.
When we were using ADFS, "tokenGroups - Unqualified Names" was used as the LDAP attribute, mapped to the outgoing claim type "memberOf".
In the Zscaler admin page, these are the SAML auto-provisioning options:
Now the question: since we moved from ADFS to Azure AD with SCIM, do we also need to configure group claims under user attributes and claims (the logic is similar to TokenGroups when using ADFS)?
I'm not really a systems guy, so maybe some of you have experienced this.
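A quick way to see whether the IdP is actually sending group membership in the SAML assertion (as opposed to relying on SCIM for it) is to capture an assertion from the browser SAML trace and inspect its AttributeStatement. The script below is an added example, not from the original post or from Zscaler or Microsoft; the two assertions in it are constructed. It looks for the two attribute names commonly used for group membership: the "memberOf" name the post describes for the ADFS mapping, and the "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups" claim type that Azure AD emits when group claims are enabled on the enterprise application. The group values in the Azure AD sample are constructed; note that Azure AD sends group object IDs unless the group claim is configured to emit names, so a service expecting unqualified names (as with the old ADFS TokenGroups mapping) will not match on the defaults.

```python
import xml.etree.ElementTree as ET

# SAML 2.0 assertion namespace (standard, not product-specific).
NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Attribute names a service provider might read group membership from.
# "memberOf" is the outgoing claim type described in the post for ADFS;
# the schemas.microsoft.com URI is the claim type Azure AD uses for group claims.
GROUP_ATTRIBUTES = (
    "memberOf",
    "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups",
)

# Constructed sample: what an ADFS-style assertion looks like when
# tokenGroups (Unqualified Names) is mapped to an outgoing "memberOf" claim.
ADFS_STYLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject>
    <saml:NameID>firstname.lastname@example.org</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="memberOf">
      <saml:AttributeValue>ZS-Internet-Users</saml:AttributeValue>
      <saml:AttributeValue>ZS-Finance</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

# Constructed sample: an Azure AD-style assertion with no group claim configured,
# so only the name identifier is present. Group values are absent entirely.
AAD_NO_GROUPS_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject>
    <saml:NameID>firstname.lastname@example.org</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
      <saml:AttributeValue>firstname.lastname@example.org</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def group_claims(assertion_xml, attribute_names=GROUP_ATTRIBUTES):
    """Return {attribute_name: [values]} for every group attribute found.

    An empty dict means the assertion carries no group membership at all,
    which is the symptom to check first when a group has no members on the SP side.
    """
    root = ET.fromstring(assertion_xml)
    found = {}
    for attr in root.findall(".//saml:Attribute", NS):
        name = attr.get("Name")
        if name in attribute_names:
            values = [v.text or "" for v in attr.findall("saml:AttributeValue", NS)]
            found[name] = values
    return found


def has_group_claims(assertion_xml):
    """True if at least one recognised group attribute with values is present."""
    return any(values for values in group_claims(assertion_xml).values())


def subject(assertion_xml):
    """Return the NameID of the assertion's subject (empty string if missing)."""
    root = ET.fromstring(assertion_xml)
    node = root.find(".//saml:Subject/saml:NameID", NS)
    return (node.text or "") if node is not None else ""


if __name__ == "__main__":
    for label, xml in (("ADFS-style", ADFS_STYLE_ASSERTION),
                       ("AAD no groups", AAD_NO_GROUPS_ASSERTION)):
        print(label, subject(xml), group_claims(xml) or "NO GROUP CLAIMS")
```

Feed it the decoded SAMLResponse from a browser trace in place of the constructed strings; if the result is empty while the ADFS-era assertion carried "memberOf", the group membership the service used to see at login is simply no longer being sent, independent of whatever SCIM provisions.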