Hello
What:
If you use JIT provisioning, go to your IDP and check if email attribute is present and contains the user’s email address. Then check if the mapping is done correctly (i.e. uses the correct email attribute name).
Finally, create a new admin user in your IDP and check if that new admin can log in.
When :
By April 15th
Why:
Zscaler has deployed a fix for attribute validation during JIR provisioning.
If you use JIT and don’t verify the mapping, you may see the error “Primary Email is required” while logging in to the admin console.
More details::
https://trust.zscaler.com/zscaler.net/posts/28776
My name is Tomek De Wille. Welcome to my blog about Zscaler 