Creating IDP Group

IDP grouping lets an administrator map access to apps or other configuration based on groups that already exist in your external IDP. Please refer to here about external IDP configuration.

To do this, you need an admin user who can modify the tenant configuration. Please check the KB articles below about admin access:


  1. Log in to
  2. Go to the Settings tab > ZTNA
  3. In Accounts, choose Groups(IdP)
  4. Click "New Group" button
  5. The section expands and shows a form that needs to be filled in
  6. When filling in the form, please follow these rules:
    • Group name is a required field and must be unique among all groups
    • Status is an optional toggle; by default it is enabled (green)
    • Identity Provider is a required selection; the list is based on the IDPs that you configured in here
    • Attribute details are required; here are example values for "Expected Value" and "Attribute"
      • Directory Service (AD/LDAP)
        • Expected Value (CN=group-demo2,CN=Users,DC=test-nn,DC=lab)
        • Attribute (memberOf)
      • SAML & OpenID
        • Expected value should be a UUID (9d4ba2cf-7649-408c-b8a4-702b2ef44731)
        • Attribute depends on the IDP; for Azure AD (group)
  7. When every field has been filled in, click the "Save" button; a pop-up notification then confirms that the group has been added successfully
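
The following is an added example, not the product's own code: a pre-check for the "Expected Value" and "Attribute" pair before you save it, using the example values from step 6. The rule dictionary layout, the function names and the sample users are assumptions, and so is the exact-match, case-insensitive comparison, since this page does not document how the product compares values.

```python
import re

UUID_RE = re.compile(r"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}", re.I)

def normalize_dn(dn):
    """Canonicalize a simple DN (no escaped commas): trim spaces, lower-case."""
    rdns = []
    for rdn in dn.split(","):
        key, sep, value = rdn.partition("=")
        if not sep or not key.strip() or not value.strip():
            raise ValueError(f"not a DN component: {rdn!r}")
        rdns.append(f"{key.strip().lower()}={value.strip().lower()}")
    return ",".join(rdns)

def canonical(idp_type, value):
    """Validate a value for the IdP type and return its comparison form."""
    if idp_type == "directory":          # AD/LDAP: full group DN
        return normalize_dn(value)
    if idp_type in ("saml", "oidc"):     # SAML & OpenID: group UUID
        if not UUID_RE.fullmatch(value.strip()):
            raise ValueError(f"not a UUID: {value!r}")
        return value.strip().lower()
    raise ValueError(f"unknown IdP type: {idp_type!r}")

def user_matches(rule, user_attrs):
    """True if any value of the rule's attribute equals the expected value exactly."""
    expected = canonical(rule["idp_type"], rule["expected"])
    values = user_attrs.get(rule["attribute"], [])
    if isinstance(values, str):
        values = [values]
    for v in values:
        try:
            if canonical(rule["idp_type"], v) == expected:
                return True
        except ValueError:
            continue  # a malformed value from the IdP never matches
    return False

# Rules built from the example values in step 6 (constructed input).
LDAP_RULE = {"idp_type": "directory", "attribute": "memberOf",
             "expected": "CN=group-demo2,CN=Users,DC=test-nn,DC=lab"}
SAML_RULE = {"idp_type": "saml", "attribute": "group",
             "expected": "9d4ba2cf-7649-408c-b8a4-702b2ef44731"}

if __name__ == "__main__":
    member = {"memberOf": ["cn=group-demo2, cn=Users, dc=test-nn, dc=lab"]}
    lookalike = {"memberOf": ["CN=group-demo20,CN=Users,DC=test-nn,DC=lab"]}
    print(user_matches(LDAP_RULE, member), user_matches(LDAP_RULE, lookalike))
```

Comparing whole values keeps a similarly named group such as `group-demo20` from being treated as `group-demo2`, which a substring or prefix comparison would allow.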