1. Bypass Authentication & SSL Interception for Certain URL Categories.

To keep the policy easy to manage, we first create custom categories that include all the required URLs and IPs that need to be bypassed by Zscaler.

1- Create 2 user-defined categories:

a- Ask4key server IPs (3 items)

b- Custom URLs for login portal and social login page (16 items)

      --> .accounts.google.com

      --> .ajax.googleapis.com/ajax/libs/jquery/

      --> .ask4key.com

      --> .code.jquery.com

      --> .facebook.com

      --> .gstatic.com

      --> .ip.zscaler.com

      --> .licdn.com

      --> .linkedin.com

      --> .login.yahoo.com

      --> .maxcdn.bootstrapcdn.com/bootstrap/

      --> .static.xx.fbcdn.net

      --> .twimg.com

      --> .twitter.com

      --> .yimg.com.xx.fbcdn.net

Open URL Categories: Administration > Resources > Access Control > URL Categories

Click Add on the top left to add New URL Categories (Ask4key server & Custom URLs for login portal and social login page).

Follow the image below.

Open Advanced Settings: Administration > Cloud Configuration > Advanced Settings > Authentication Exemptions

Select the URL categories that you created under Exempted URL Categories.

Create Policy for SSL Decryption.

Open SSL Inspection: Policy > Access Control > SSL Inspection > Policy for SSL Decryption
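
Before saving the exemptions, it helps to review how much traffic each entry removes from authentication and SSL inspection. The script below is an added example, not part of the original guide or of Zscaler's matching code; it assumes a leading dot covers the domain and all of its subdomains, and that a path-qualified entry can only be matched on its hostname while traffic is still encrypted. The sample URLs are constructed.

```python
from urllib.parse import urlsplit

# Entries copied from category (b) above, exactly as listed.
EXEMPT = [
    ".accounts.google.com", ".ajax.googleapis.com/ajax/libs/jquery/",
    ".ask4key.com", ".code.jquery.com", ".facebook.com", ".gstatic.com",
    ".ip.zscaler.com", ".licdn.com", ".linkedin.com", ".login.yahoo.com",
    ".maxcdn.bootstrapcdn.com/bootstrap/", ".static.xx.fbcdn.net",
    ".twimg.com", ".twitter.com", ".yimg.com.xx.fbcdn.net",
]

def split_entry(entry):
    """Return (host_suffix, path) for one category entry."""
    host, _, path = entry.partition("/")
    return host.lstrip(".").lower(), ("/" + path if path else "")

def host_matches(host, suffix):
    # ASSUMPTION: a leading dot covers the domain itself and every subdomain.
    host = host.lower().rstrip(".")
    return host == suffix or host.endswith("." + suffix)

def exempt_entry(url, tls_decrypted=False):
    """Return the first entry that exempts `url`, or None."""
    # Before decryption only the hostname (SNI / CONNECT target) is visible,
    # so this model (ASSUMPTION) matches path-qualified entries on host alone.
    parts = urlsplit(url)
    for entry in EXEMPT:
        suffix, path = split_entry(entry)
        if not host_matches(parts.hostname or "", suffix):
            continue
        if path and tls_decrypted and not parts.path.startswith(path):
            continue
        return entry
    return None

def path_qualified_entries():
    """Entries whose path cannot be checked before TLS decryption."""
    return [e for e in EXEMPT if split_entry(e)[1]]

if __name__ == "__main__":
    # Constructed sample URLs for the review.
    for u in ["https://accounts.google.com/signin", "https://mail.google.com/",
              "https://apps.facebook.com/x", "https://ajax.googleapis.com/other/lib.js"]:
        print(f"{u:45} -> {exempt_entry(u)}")
    print("host-only while encrypted:", path_qualified_entries())
```

Broad entries such as `.facebook.com` exempt every subdomain, while `.accounts.google.com` exempts only the login host; the two path-qualified entries are worth confirming against the tenant's actual behaviour.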

2. Configure SAML on Authentication Profile

Open Authentication Profile: Administration > Authentication > Authentication Configuration > Authentication Settings > Authentication Profile

Under Authentication Type, select SAML, then click Configure SAML to edit the SAML settings.

SAML Portal URL: https://apidp.ask4key.com/Ask4key/Login/Login

Login Name Attribute: LoginID

Enable SAML Auto-Provisioning.