Zscaler
Configuring the Veza Integration for Zscaler
Early Access:: The Zscaler integration is provided as an Early Access feature. Please contact our support team for more details.
Overview
The Veza integration for Zscaler enables the discover of Users, Administrators, Groups, and Roles from the Zscaler platform. Veza uses Zscaler APIs to populate the Authorization Graph with entities and metadata.
This document explains how to enable and create a Zscaler Integration. See Notes and Supported Entities for more details.
Configuring Zscaler
Before adding the integration to Veza, create an API client on the Zscaler platform for the connection.
Browse to your Zscaler instance's admin portal (ex: https://admin.zscalerthree.net/)) and log in.
In the left-hand navigation menu, click Administration, then click Cloud Service API Security under the Authentication heading.
Click Add API Key in the upper-left corner of the screen to create a new API Key, or record the value in the Key column for an existing key.
Record the base URL value shown at the top of the screen (ex: zsapi.zscalerthree.net/api/v1) - the portion between zsapi and .net is the Cloud Name required during Veza configuration.
Configuring Zscaler on the Veza Platform
To enable Veza to gather data from the Zscaler platform:
In Veza, navigate to Configuration > Integrations
Click Add Integration and select Zscaler as the type of integration to add.
Enter the required information and click Create Integration
Field | Notes |
---|---|
Name | A unique display name for the Zscaler connection |
Api Key | The API key created on the Zscaler platform above |
Cloud Name | The Zscaler cloud name (ex: zscalerthree) |
User Name | The username of an administrative user on the Zscaler platform |
Password | The password for the administrative user on the Zscaler platform |
Notes and Supported Entities
The connector discovers the following entities and attributes
Zscaler User
Attribute | Notes |
---|---|
| The user's department |
| Comments on the user object |
| Boolean True if the user is marked as an auditor |
| Boolean True if the user is marked as noneditable |
| Boolean True if the user's password is expired |
| Boolean True if the user can login with a password |
| Temporary e-mail used for initial user authentication |
| The user's type (SUPERADMIN, ADMIN, AUDITOR, GUEST, REPORT_USER, or UNATH_TRAFFIC_DEFAULT) |
Zscaler Group
Attribute | Notes |
---|---|
| Comments on the group object |
Zscaler Role
Attribute | Notes |
---|---|
| Boolean True if the role applies to auditors |
| Boolean True if the role is marked as noneditable |
| Admin rank for the role (roles of higher rank can manage objects at lower rank) |
Last updated