Mar 27, 2018 Recently, Zscaler had a very successful IPO after a meteoric rise. Exoprise has witnessed, first hand, this rise in usage and adoption of Zscaler, especially for Office 365 and other cloud apps. Many mutual customers use CloudReady to test, monitor and compare Zscaler for Office 365 within their environments. Zscaler: Redefining Network Security. Zscaler enables the world’s leading organizations to securely transform their networks and applications for a mobile and cloud-first world.
BIG-IP as SAML IdP Configuration
This document describes the configuration for a SAML Identity Provider for SaaS Application workflow using a SaaS Application template. Follow the steps below to configure Zscaler:
- Log on to the BIG-IP user interface and click Access -> Guided Configuration.
- Select the Federation category.
- Select SAML Identity Provider for SaaS Application to configure BIG-IP as a SAML Identity Provider.
- Review the Required Configuration information, and complete the following required step before you configure the SaaS Application.
- Provide the Identity Provider details.
- Provide the Virtual Server configuration details.
- Configure the Authentication method to use for the SAML Identity Provider.
- After you configure the SaaS Application Configuration, optionally configure Endpoint Checks and Customization settings.
Zscaler Configuration in Guided Configuration Workflow
The SaaS Application screen displays a list of applications from which you can select to configure SAML Service Provider applications. Select a specific application and click Add.
For example, to configure Zscaler, select Zscaler and click Add.
Common Application Properties
- Specify the application name. The system uses the name internally to identify the configuration details for the application and its SAML service provider.
- Select whether the application supports IdP-initiated requests. Select the IdP Initiated option to display the application resource on the Webtop.
- Specify or modify the caption. The Webtop uses the caption to display the application resource.
- Specify an optional description for the application.
Application Specific Properties
- Zscaler Cloud Domain Name: Provide the Zscaler cloud name from the SSO URL. For example, if the URL is https://admin.zscloud.net/adminsso.do, then the domain name is zscloud.net only.
Additional SAML Attributes and ACS Properties
- Configure any additional attribute values to include in the SAML assertion sent to the SaaS application. Each SAML attribute has an attribute name and an attribute value. Attribute values can be taken from session variables. Configure an AD or LDAP query to populate session variables with specific attributes.
- Configure an additional Assertion Consumer Service URI if the application requires such a URI.
![Zscaler Zscaler](/uploads/1/3/7/4/137455229/359224029.png)
Security Properties
- Specify whether to sign the assertion and response, and specify the signing algorithm.
- Specify whether to require a signed Authentication Request. If required, select a signing certificate.
- Specify whether to encrypt assertions. If required, specify the encryption algorithm and select the encryption certificate.
- Complete the workflow configuration by configuring optional endpoint checks and customization.
Deploy the Configuration
- Deploy the configuration from the Summary screen.
- To retrieve the metadata for this configuration, navigate to Access -> Federation -> Saml Identity Provider -> Local Idp Services.
- Select the SAML SSO object created for Zscaler, and click Export Metadata.
- Use the exported IdP SAML metadata to configure the identity provider settings in the Zscaler service.
Set Up Zscaler as SAML Service Provider
Refer to the Zscaler documentation to set it up as a SAML Service Provider.
Test the Configuration
- To test the configuration, click the link "Click to test configuration" on the Summary page.
- A successful logon should display a Webtop that includes the IdP Initiated Applications.