Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 3 replies
  • Subscribers 18 subscribers
  • Views 5351 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

ZTNA IDP setup?

john_kenny

Question regarding adding a ZTNA Identity Provider, in the docs it mentions to create a new tenant but later it also mentions the users it synchronises ties in with Centrals AAD Sync setup.  Does this mean we should be using the same AAD Tenant the Sync is using or a separate tenant for ZTNA?? If it's supposed to use separate AAD tenant for ZTNA IDP?  Just asking as I was assuming it should use the same AAD Tenant used for Centrals user sync, so the same users are authenticating unless this is by design (isolation) but then wouldn't the ZTNA AAD Tenant need to have B2C or multitenant setup for the ZTNA tenants apps??

Sorry this part was unclear in the start-up guide whether using a separate ZTNA AAD Tenant was by design?



This thread was automatically locked due to age.
  • +1

    You can and should use the same AAD Tenant. 

    It will use the same groups, already sync to Central via AAD Sync. 

    __________________________________________________________________________________________________________________

  • 0 in reply to LuCar Toni

    was assuming that myself but wanted to check from the start-up guide lol......  It refers to using Synced users in ZTNE but at same time says to create a new ZTNE AAD Tenant but then surely should suggest using existing??  Anyway it would work using additional AAD Tenants but only setup as multitenant lol.

    Wasnt sure it this was purposely intended for Tenant Isolation purposes anyway thanks

    JK

  • 0 in reply to john_kenny

    Central can use the Azure AD Sync to get the AD information.

    ZTNA needs some further checks: You need the callback URL for example. 

    So simply create a new app registration in Azure and configure this one. 

    __________________________________________________________________________________________________________________

Unfiltered HTML