Easy enough, essentially it’s a trusted method for managing CRUD<\/a>. With the added benefit of also being about to tell the system it’s updating specific attributes about the user or group that it’s changing. <\/p>\n\n\n\n Let’s get started , Zscaler official documentation for this process is here<\/a>.<\/p>\n\n\n\n Login to your Zscaler Admin portal , I’m doing this in the ZIA admin portal. Then we’ll navigate to the Administration > Authentication Settings<\/strong> section. <\/p>\n\n\n\n Now let’s go to Identity Providers<\/strong> tab, Edit<\/strong> the IdP we setup before.<\/p>\n\n\n\n Scroll to the Provisioning Options<\/strong> section.<\/p>\n\n\n\n Click Enable SCIM Provisioning. Now let’s add in the Exempted URL’s. Browse to Administration \u2192 Cloud Configuration \u2192 Advanced Settings<\/strong><\/p>\n\n\n\n Scroll to AUTHENTICATION EXEMPTIONS<\/strong> and add the following URLs.<\/p>\n\n\n\n Click SAVE<\/strong>, and of course, Activate<\/strong> your changes!<\/p>\n\n\n\n Next we’re going to login to Azure and connect everything together. On your Azure Portal, browse to your Entra ID service > Manage > Enterprise Applications<\/strong> , then Select your Zscaler ZIA Tenant Cloud we setup earlier. In my case it’s Zscaler Two. <\/p>\n\n\n\n From there, expand under Manage<\/strong> and select Provisioning<\/strong>. <\/p>\n\n\n\n Select the Get Started<\/strong> button to launch the Provisioning wizard. First change the Provisioning Mode<\/strong> to Automatic<\/strong>. <\/p>\n\n\n\n Under Admin Credentials<\/strong> enter the following:<\/p>\n\n\n\n Tenant URL<\/strong>: Paste in the Base URL<\/strong> from your Secure Notes<\/p>\n\n\n\n Secret Token<\/strong>: Paste in the Bearer Token<\/strong> from your Secure Notes <\/p>\n\n\n\n Click Test Connection<\/p>\n\n\n\n You should get a message indicating a success. If you get an error, double check your Tenant URL and Bearer Token are correct. If needed re-generate a new Bearer Token in the ZIA Admin Console. <\/p>\n\n\n\n After getting a Confirmation of a Successful Test, Click Save. <\/p>\n\n\n\n Now Exit the Provisioning by clicking the X in the right corner. Then we need to re-enter Provisioning by Edit Provisioning. This is because the Settings section won’t update without exiting first. <\/p>\n\n\n\n Once back in the Provisioning<\/strong> page, Expand the Settings<\/strong> section and set the Scope to Sync Only assigned users and groups<\/strong> make sure the Provisioning Status<\/strong> is On<\/strong>, then click Save<\/strong> at the Top. Exit the Provisioning pane. <\/p>\n\n\n\n Assigning users and groups<\/strong><\/p>\n\n\n\n Now in the Enterprise Application in Azure for your Tenant, Select Users and Groups. We will add the appropriate Users\/Groups that we want to use Entra ID for IdP into Zscaler. <\/p>\n\n\n\n Select Add user\/group and assign your resources. Be sure to save of course. <\/p>\n\n\n\n At this point you should be able to Test Logging into Zscaler Client Connector with your Entra ID Credentials. <\/p>\n\n\n\n When you sign if you are brought to your iDP sign in page, Success!<\/p>\n\n\n\n Next series of Posts we’ll start digging into some additional lab content and how the services for Secure Internet and Remote Application Access work. <\/p>\n","protected":false},"excerpt":{"rendered":" Welcome back, so far we’ve stood up our Azure and Zscaler tenants and connected them with SAML Authentication. Next we need to enable the SCIM (System for Cross-domain Identity Management). If you’re an old Systems and Data Center person like me, don’t feel bad if you had to look up what SCIM is. I had … Continue reading Building a Zscaler Lab Part 3 (SCIM enablement)<\/span> ![\"\"](\"http:\/\/gigabrit.com\/wp-content\/uploads\/2024\/05\/Screenshot-2024-05-06-at-11.22.37\u202fAM.png\")
<\/figure>\n\n\n\n![\"\"](\"http:\/\/gigabrit.com\/wp-content\/uploads\/2024\/05\/Screenshot-2024-05-06-at-11.25.23\u202fAM-1024x543.png\")
<\/figure>\n\n\n\n
Copy the Base URL<\/strong> URL and the Bearer Token<\/strong> to your secure notes.
Click Save<\/strong> when complete.
Activate<\/strong> your changes.<\/p>\n\n\n\n![\"\"](\"http:\/\/gigabrit.com\/wp-content\/uploads\/2024\/05\/Screenshot-2024-05-06-at-11.28.21\u202fAM.png\")
<\/figure>\n\n\n\n![\"\"](\"http:\/\/gigabrit.com\/wp-content\/uploads\/2024\/05\/Screenshot-2024-05-06-at-4.04.47\u202fPM.png\")
<\/figure>\n\n\n\nlogin.windows.net<\/code><\/p>\n\n\n\nlogin.microsoftonline.com<\/code><\/p>\n\n\n\n*.windowsazure.com<\/code><\/p>\n\n\n\n![\"\"](\"http:\/\/gigabrit.com\/wp-content\/uploads\/2024\/05\/Screenshot-2024-05-06-at-4.07.32\u202fPM.png\")
<\/figure>\n\n\n\n![\"\"](\"http:\/\/gigabrit.com\/wp-content\/uploads\/2024\/05\/Screenshot-2024-05-06-at-4.15.09\u202fPM-1.png\")
<\/figure>\n\n\n\n![\"\"](\"http:\/\/gigabrit.com\/wp-content\/uploads\/2024\/05\/Screenshot-2024-05-06-at-4.19.59\u202fPM.png\")
<\/figure>\n\n\n\n![\"\"](\"http:\/\/gigabrit.com\/wp-content\/uploads\/2024\/05\/Screenshot-2024-05-06-at-4.24.34\u202fPM-1.png\")
<\/figure>\n\n\n\n![\"\"](\"http:\/\/gigabrit.com\/wp-content\/uploads\/2024\/05\/Screenshot-2024-05-06-at-4.38.17\u202fPM.png\")
<\/figure>\n\n\n\n![\"\"](\"http:\/\/gigabrit.com\/wp-content\/uploads\/2024\/05\/Screenshot-2024-05-06-at-4.42.32\u202fPM.png\")
<\/figure>\n\n\n\n![\"\"](\"http:\/\/gigabrit.com\/wp-content\/uploads\/2024\/05\/Screenshot-2024-05-06-at-4.52.11\u202fPM.png\")
<\/figure>\n\n\n\n![\"\"](\"http:\/\/gigabrit.com\/wp-content\/uploads\/2024\/05\/Screenshot-2024-05-13-at-10.41.33\u202fAM.png\")
<\/figure>\n\n\n\n![\"\"](\"http:\/\/gigabrit.com\/wp-content\/uploads\/2024\/05\/Screenshot-2024-05-13-at-10.42.04\u202fAM.png\")
<\/figure>\n\n\n\n![\"\"](\"http:\/\/gigabrit.com\/wp-content\/uploads\/2024\/05\/Screenshot-2024-05-13-at-10.42.47\u202fAM.png\")
<\/figure>\n\n\n\n