ZTNA tenant integrated with Cloud SWG.
After creating test applications (web, RDP and SSH) on the ZTNA tenant, all tested applications worked fine when accessed via the ZTNA Portal.
When trying to access the same internal applications with WSS Agent, via the Segment Application, no connectivity was possible, i.e. there was no communication to the configured segment.
SAML is enabled on both ZTNA and Cloud SWG tenants as per the docs.
ZTNA Segment applications.
Cloud SWG.
WSS Agent.
SAML authentication is not enabled for the WSS Agent users.
Go to the Cloud SWG authentication policy and make sure that SAML authentication is enabled for Agent users.
Although SAML was configured on Cloud SWG, it must still be enabled for the WSS and SEP Agents (which it is not by default).
Cloud SWG requires SAML authentication in order to authenticate the requests into ZTNA; without any SAML authentication the requests are dropped before making it into ZTNA.