Zscaler
Steps to get required configs
To sync data using Zscaler APIs, you need to add an authentication server (e.g. Microsoft Entra ID, Okta).
Your organization must meet the following requirements to be able to use OAuth 2.0 authentication:
You must have an API subscription. If you do not have a subscription, submit a Zscaler Support ticket.
You must have the API Roles configured in the ZIA Admin Portal. (You will need to create a API role with name
ZillaReaderRole
).You must have your client applications registered on your authorization server (i.e., PingFederate, Okta, or Azure AD) with the required scope and configured appropriately. To learn how to set up client applications on your OAuth 2.0 service provider, see the respective help documentation.
You must have your OAuth 2.0 authorization server added to the ZIA Admin Portal.
Documentation for Microsoft Entra ID - https://help.zscaler.com/zia/oauth-2.0-configuration-guide-microsoft-entra-id#add-permission.
Documentation for Okta - https://help.zscaler.com/zia/oauth-2.0-configuration-guide-okta.
You will get the OAuth token URL, Client ID and Client Secret from the authentication server.
Zscaler domain will be the domain you use to login into your Zscaler portal (e.g.
zscaler.net
).You will find your organization ID from the ZIA Admin Portal (under Administration > Settings > Company Profile).
Optional - In case of Microsoft Entra ID as an authentication server, you will need OAuth scope also. The format of the scope is
api://<Application ID>/.default
(e.g.api://fe2f6a75-199e-48a5-b9ef-a7357ab78c53/.default
).
Setup Zscaler Application Integration on Zilla
Visit the Zilla application and login using your admin credentials and then click
Add Application
in the top right.A window with a search bar appears, type in
Zscaler
in the search bar and hit enter.Zscaler
app entry will appear at the top of the list, clickAdd to Applications
button to the right.Fill in the form with appropriate details and then click
Add to Applications
.You will have the
Zscaler
app added into applications tab section, click on it.A detailed view of
Zscaler
application appears. ClickSync now
in top right corner.Enable API Integration and fill in the OAuth 2.0 Token Endpoint, Zscaler domain, Organization ID, Client ID, Client Secret, OAuth scope (Required for Microsoft Entra ID) config details collected from the earlier steps. Click
Next
.Click
Next
and the sync will begin, then clickDone
.Successful sync will pop up with Sync Summary. Click
Close
.