The users removed in Azure group are not reflected on the 3rd party end.

Keerthivarman Manohar 0 Reputation points
2023-10-05T11:04:29.48+00:00

I'm using SAML via Azure group to authenticate users to Zscaler App. Noticed the users removed in Azure group are not reflected on the Zscaler end. Zscaler support team said "As you are using SAML, the deletion of users will be done manually. It will not be synced with Zscaler as the policy changes in the Azure regarding the user removal. For SAML, the users need to be removed manually". I was wondering: adding the user works, so why not the removal? Is that a new policy?

Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.

1 answer

  1. David Broggy 5,686 Reputation points MVP
    2023-10-05T15:00:30.83+00:00

    Hi Keerthivarman,

    That's my understanding of SAML as well.

    When you enable SAML you're allowing that 3rd party (Zscaler) to 'identify' your users.

    On the Azure AD side you are 'authorizing' the user to access specific resources.

    So if you have no user in Azure AD that matches the SAML user then they won't have access to any resources, even though Zscaler has 'identified' them on their end.

    reference:

    https://www.strongdm.com/blog/saml-vs-oauth
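Since the thread establishes that SAML federation only authenticates users and that removals from the Azure group are not pushed to Zscaler, the practical follow-up for an administrator is a periodic reconciliation: export the group's members on the Entra side, export the user list on the Zscaler side, and diff the two to get the accounts that must be removed by hand. The script below is an added example, not code from the question, the answer, Microsoft or Zscaler; the two lists it uses are constructed sample data standing in for a Graph API group-members export and the provider's user export, and the `reconcile` / `manual_removal_list` helper names are the example's own.

```python
"""Reconcile an Entra ID (Azure AD) group's membership against the user list
held by a SAML service provider, to surface accounts that were removed from
the group but still exist on the provider side (and therefore need manual
deprovisioning, as described in the thread).

Added example; the sample data below is constructed, not exported from a
real tenant or a real Zscaler instance.
"""

from dataclasses import dataclass
from typing import Iterable, FrozenSet


@dataclass(frozen=True)
class ReconcileResult:
    orphaned: FrozenSet[str]   # on the service provider, but no longer in the Entra group
    missing: FrozenSet[str]    # in the Entra group, but not yet on the service provider
    in_sync: FrozenSet[str]    # present on both sides


def normalize(upn: str) -> str:
    # SAML NameIDs and UPNs are compared case-insensitively here; trailing
    # whitespace from CSV exports is dropped so it cannot mask a match.
    return upn.strip().lower()


def reconcile(entra_group_members: Iterable[str],
              sp_users: Iterable[str]) -> ReconcileResult:
    """Set-difference the two membership lists after normalisation."""
    entra = {normalize(u) for u in entra_group_members}
    sp = {normalize(u) for u in sp_users}
    return ReconcileResult(
        orphaned=frozenset(sp - entra),
        missing=frozenset(entra - sp),
        in_sync=frozenset(entra & sp),
    )


def manual_removal_list(result: ReconcileResult) -> list:
    """Sorted list of accounts the admin must delete on the provider side."""
    return sorted(result.orphaned)


# Constructed sample exports (hypothetical users in a hypothetical tenant).
ENTRA_GROUP_EXPORT = [
    "alice@example.com",
    "Bob@Example.com ",      # mixed case / trailing space, as CSV exports often have
    "carol@example.com",     # newly added to the group, not yet on the provider
]
ZSCALER_USER_EXPORT = [
    "alice@example.com",
    "bob@example.com",
    "dave@example.com",      # removed from the Entra group; still on the provider
]


def run_sample() -> ReconcileResult:
    """Run the reconciliation over the constructed sample and print a report."""
    result = reconcile(ENTRA_GROUP_EXPORT, ZSCALER_USER_EXPORT)
    print("Remove manually on the provider side:", manual_removal_list(result))
    print("Not yet provisioned on the provider side:", sorted(result.missing))
    print("In sync:", sorted(result.in_sync))
    return result


if __name__ == "__main__":
    run_sample()
```

The orphaned set is the one that matters for access risk: those accounts were authorized through the Azure group at some point and, as the answer notes, still exist as identified users on the provider side even though the IdP will no longer issue them an assertion. Running this against real exports on a schedule, and treating a non-empty orphaned list as a ticket to work, is the manual deprovisioning step the Zscaler support reply is describing.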