Zscaler-ServiceNow integration issue: "User <user> is not found"
05-18-2023 08:32 AM
I am using this Zscaler guide to integrate ZIA and ServiceNow:
On page 27, step 4, I was not able to perform
b. Select Set as Auto Redirect IdP.
because the "Set as Auto Redirect IdP" option does not appear in my ServiceNow instance (Tokyo).
So I did the steps in section "Configure Redirect on the Identity Provider" (pages 30-33).
When I go to the Identity Provider I created (see image "ServiceNow Zscaler Identity Provider.jpg") and clicked Test Connection I get an error that says:
User glen.winemiller@domain is not found
Ensure that the user you are trying the test connection with is present in the system.
Ensure that 'User Field' property value corresponds to the value set in the IDP returned through 'Subject NameID' in the response.
Azure AD is the IDP (identity provider) used by Zscaler for authentication.
My username in Azure AD is 'glen.winemiller@domain' (looks like an email address).
My username in ServiceNow is 'glen.winemiller' (does not look like an email address).
As can be seen in the identity provider image:
NameID Policy: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
Advanced / User Field: email
The SAML attribute being sent by Azure ID is:
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name":["glen.winemiller@domain"]
It seems the error "User glen.winemiller@domain is not found" might be due to ServiceNow not being able to correlate the SAML "name" attribute value (glen.winemiller@domain) with my ServiceNow username (glen.winemiller).
If this is true, how can I configure ServiceNow to use the SAML "name" attribute (which has been authenticated by Azure AD) as a surrogate for my ServiceNow username to allow access to ServiceNow?
Since my ServiceNow username (glen.winemiller) is different from my Azure AD username (glen.winemiller@domain), do I need to somehow map my ServiceNow username to my Azure AD username (or vice versa)?
05-21-2023 11:02 PM
Hi @GlenW,
You need to ensure that ServiceNow can correlate the SAML attribute value from Azure AD with your ServiceNow username. Here are the steps you can follow:
- Go to the Azure AD application configuration in ServiceNow.
- In the "SAML 2.0 Identity Provider Configuration" section, locate the "Advanced -> User Field" property.
- Change the value of this property to match the SAML attribute that contains the username from Azure AD. In your case, it should be "name" since the SAML attribute is "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name".
- Save the changes.
Thanks,
Ratnakar
05-22-2023 10:45 AM
Thank you for replying. I changed the User Field from "email" to "name," but unfortunately I still get the user not found error when I test connectivity. Please see the attached images. Note that, for my use case, the SNOW identity provider is Zscaler, which in turn is configured to use Azure AD to authenticate a user.