1. Bypass Authentication & SSL Interception for Certain URL Categories.
For easier policy management, first create a custom category that includes all the required URLs and IPs that need to be bypassed by Zscaler.
1- Create 2 user-defined categories:
a- Ask4key server IPs (3 items)
--> 52.74.202.174
--> 54.169.30.169
--> 54.169.46.57
b- Custom URLs for login portal and social login page (16 items)
--> .accounts.google.com
--> .ajax.googleapis.com/ajax/libs/jquery/
--> .ask4key.com
--> .code.jquery.com
--> .facebook.com
--> .gstatic.com
--> .ip.zscaler.com
--> .licdn.com
--> .linkedin.com
--> .login.yahoo.com
--> .maxcdn.bootstrapcdn.com/bootstrap/
--> .static.xx.fbcdn.net
--> .twimg.com
--> .twitter.com
--> .yimg.com.xx.fbcdn.net
Open URL Categories: Administration > Resources > Access Control > URL Categories
Click Add on the top left to add New URL Categories (Ask4key server & Custom URLs for login portal and social login page).
Follow the image below.
Open Advanced Settings: Administration > Cloud Configuration > Advanced Settings > Authentication Exemptions
Under Exempted URL Categories, select the URL categories that you created.
Create Policy for SSL Decryption.
Open SSL Inspection: Policy > Access Control > SSL Inspection > Policy for SSL Decryption
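Before exempting the custom URL category from authentication and SSL decryption, it helps to see how much traffic each entry covers. The script below is an added example, not part of the original guide or of Zscaler's tooling. It assumes that a leading dot covers the domain and all of its subdomains and that a path is a prefix match; the test URLs are constructed.

```python
from urllib.parse import urlsplit

# Entries copied from the custom URL category listed above.
BYPASS_ENTRIES = [
    ".accounts.google.com", ".ajax.googleapis.com/ajax/libs/jquery/",
    ".ask4key.com", ".code.jquery.com", ".facebook.com", ".gstatic.com",
    ".ip.zscaler.com", ".licdn.com", ".linkedin.com", ".login.yahoo.com",
    ".maxcdn.bootstrapcdn.com/bootstrap/", ".static.xx.fbcdn.net",
    ".twimg.com", ".twitter.com", ".yimg.com.xx.fbcdn.net",
]

def parse_entry(entry):
    """Split an entry into (host suffix, path prefix)."""
    host, _, path = entry.partition("/")
    return host.lstrip(".").lower(), ("/" + path if path else "")

def matches(entry, url):
    """ASSUMPTION: a leading dot covers the domain and every subdomain,
    and a path component is a prefix match."""
    suffix, prefix = parse_entry(entry)
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    # Compare on a label boundary so "notfacebook.com" does not match.
    host_ok = host == suffix or host.endswith("." + suffix)
    return host_ok and parts.path.startswith(prefix)

def bypassing_entries(url, entries=BYPASS_ENTRIES):
    """Return the entries that would exempt this URL."""
    return [e for e in entries if matches(e, url)]

def scope_report(entries=BYPASS_ENTRIES):
    """Group entries by how much they exempt (naive label count, no
    public-suffix lookup): two labels means the whole domain."""
    report = {"whole-domain": [], "host-scoped": [], "path-scoped": []}
    for entry in entries:
        suffix, prefix = parse_entry(entry)
        if prefix:
            report["path-scoped"].append(entry)
        elif suffix.count(".") == 1:
            report["whole-domain"].append(entry)
        else:
            report["host-scoped"].append(entry)
    return report

if __name__ == "__main__":
    for scope, items in scope_report().items():
        print(f"{scope}: {len(items)}")
        for item in items:
            print("   ", item)
```

Review the whole-domain group first: under the assumed matching, an entry such as `.facebook.com` exempts every host under that domain, not only its login pages. The path of an HTTPS request is visible only after decryption, so a path-scoped entry can be evaluated on the host name alone when the decision is whether to decrypt.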
2. Configure SAML on Authentication Profile
Open Authentication Profile: Administration > Authentication > Authentication Configuration > Authentication Settings > Authentication Profile
Under Authentication Type, select SAML, then click Configure SAML to edit the SAML settings.
SAML Portal URL: https://apidp.ask4key.com/Ask4key/Login/Login
Login Name Attribute: LoginID
Enable SAML Auto-Provisioning.