This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(156.8, 11%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKM%3C/text%3E%3C/svg%3E)
I'm using SAML via Azure group to authenticate users to Zscaler App .Noticed the users removed in Azure group are not reflected on the Zscaler end . Zscaler support team said "As you are using SAML, the deletion of users will be done manually It will not be synced with Zscaler as the policy changes in the Azure regarding the user removal. For SAML, the users need to be removed manually". I was wondering adding the user works.. why not the removal ? Is that a new policy ?
I wanted to check in and see if you had any other questions or if you were able to resolve this issue?
If you have any other questions, please let me know. Thank you for your time and patience throughout this issue.
If the information helped address your question, please Accept the answer. This will help us and also improve searchability for others in the community who might be researching similar information.
Hi Keerthivarman,
That's my understanding of SAML as well.
When you enable SAML you're allowing that 3rd party (Zscaler) to 'identify' your users.
On the Azure AD side you are 'authorizing' the user to access specific resources.
So if you have no user in Azure AD that matches the SAML user then they won't have access to any resouces, even though Zscaler has 'identified' them on their end.
reference:
Hello @Keerthivarman Manohar , let us know if you need additional assistance. If the answer was helpful, please accept it and rate it so that others facing a similar issue can easily find a solution.
