Cloud SWG users access internet sites using WSS Agents.
To provide access to internal applications, a ZTNA integration was performed with Cloud SWG.
After connecting from their WSS Agent hosts successfully, and authenticating via SAML, users cannot seem to resolve or access any of the segment applications. No error message is reported other than the standard connectivity error.
Cloud SWG.
ZTNA.
No 'identity provider' was selected as part of the WSS / Cloud SWG integration.
Make sure that the 'Identity provider integration' ZTNA settings for WSS reference the same SAML IDP server that is used with Cloud SWG.
If this is not the exact same SAML identity provider, it is imperative that the name identifier sent in the SAML assertion on the Cloud SWG side match a user with the same identifier on the ZTNA side. For example, if the Cloud SWG SAML assertion has a subject NameID of [email protected], the identity provider on the ZTNA side must have a user with this matching identity.
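One way to verify the NameID requirement above when the two sides use different identity providers. This is an added example, not code from Broadcom or from the original article: it decodes a SAMLResponse captured from the Cloud SWG login (for instance with a browser SAML tracer), extracts the subject NameID, and compares it with a list of ZTNA-side user identifiers. The sample response, the user list and the function names are constructed for illustration, and reporting a case-only difference separately is an assumption, since the article does not say whether ZTNA compares identifiers case-sensitively.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def extract_name_id(saml_response_b64):
    """Return (NameID, Format) from a base64 SAMLResponse (HTTP-POST binding).

    Diagnostic only: the signature is not verified, so use this on a
    response you captured yourself, never to make an access decision.
    """
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    node = root.find(".//saml:Subject/saml:NameID", NS)
    if node is None or not (node.text or "").strip():
        if root.find(".//saml:EncryptedAssertion", NS) is not None:
            raise ValueError("assertion is encrypted; NameID not readable here")
        raise ValueError("no Subject NameID in the assertion")
    return node.text.strip(), node.get("Format")

def check_identity(name_id, ztna_users):
    """Classify the NameID against the identifiers known on the ZTNA side."""
    if name_id in ztna_users:
        return "match"
    # Assumption: a case-only difference is worth flagging on its own.
    if name_id.casefold() in {u.casefold() for u in ztna_users}:
        return "case-mismatch"
    return "missing"

# Constructed sample response (not a real capture).
SAMPLE_XML = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>'
    '<saml:Subject><saml:NameID '
    'Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">'
    'alice@example.test</saml:NameID></saml:Subject>'
    '</saml:Assertion></samlp:Response>'
)
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()

# Constructed list standing in for an export of ZTNA-side users.
ZTNA_USERS = {"Alice@example.test", "bob@example.test"}

if __name__ == "__main__":
    name_id, fmt = extract_name_id(SAMPLE_B64)
    print(f"NameID={name_id!r} Format={fmt}")
    print("ZTNA lookup:", check_identity(name_id, ZTNA_USERS))
```

A result other than "match" points to the identifier mismatch described above as the reason the segment applications stay unreachable after a successful SAML login.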