Zscaler

Steps to get required configs

• To sync data using Zscaler APIs, you need to add an authentication server (e.g. Microsoft Entra ID, Okta).

• Your organization must meet the following requirements to be able to use OAuth 2.0 authentication:

  • You must have an API subscription. If you do not have a subscription, submit a Zscaler Support ticket.

  • You must have the API Roles configured in the ZIA Admin Portal. (You will need to create a API role with name ZillaReaderRole).

  • You must have your client applications registered on your authorization server (i.e., PingFederate, Okta, or Azure AD) with the required scope and configured appropriately. To learn how to set up client applications on your OAuth 2.0 service provider, see the respective help documentation.

  • You must have your OAuth 2.0 authorization server added to the ZIA Admin Portal.

  • Documentation for Microsoft Entra ID - https://help.zscaler.com/zia/oauth-2.0-configuration-guide-microsoft-entra-id#add-permission.

  • Documentation for Okta - https://help.zscaler.com/zia/oauth-2.0-configuration-guide-okta.

  • You will get the OAuth token URL, Client ID and Client Secret from the authentication server.

• Zscaler domain will be the domain you use to login into your Zscaler portal (e.g. zscaler.net).

• You will find your organization ID from the ZIA Admin Portal (under Administration > Settings > Company Profile).

• Optional - In case of Microsoft Entra ID as an authentication server, you will need OAuth scope also. The format of the scope is api://<Application ID>/.default (e.g. api://fe2f6a75-199e-48a5-b9ef-a7357ab78c53/.default).

Setup Zscaler Application Integration on Zilla

• Visit the Zilla application and login using your admin credentials and then click Add Application in the top right.
  
  

  Open

  

   

• A window with a search bar appears, type in Zscaler in the search bar and hit enter. Zscaler app entry will appear at the top of the list, click Add to Applications button to the right.
  
  

  Open

  

   

• Fill in the form with appropriate details and then click Add to Applications.
  
  

   

• You will have the Zscaler app added into applications tab section, click on it.
  
  

   

• A detailed view of Zscaler application appears. Click Sync now in top right corner.
  
  

   

• Enable API Integration and fill in the OAuth 2.0 Token Endpoint, Zscaler domain, Organization ID, Client ID, Client Secret, OAuth scope (Required for Microsoft Entra ID) config details collected from the earlier steps. Click Next.

   

• Click Next and the sync will begin, then click Done.

   

• Successful sync will pop up with Sync Summary. Click Close.