Provisioning ZScaler ZIA with SCIM using PingOne
You can use a SCIM connection in PingOne to provision users and groups to your ZScaler Internet Access (ZIA) account.
ZScaler ZIA is a secure internet and web gateway that provides users with safe, fast, and direct access to the internet by inspecting and enforcing policies on all internet-bound traffic.
Before you begin
Make sure that you have:
-
A ZScaler ZIA administrator account. Learn more on the ZScaler website or contact ZScaler sales.
-
Users created and assigned to a group specifically for ZScaler ZIA provisioning in PingOne. Learn more in Adding a user and Managing groups.
Steps
-
In the PingOne admin console, Create a SCIM provisioning connection to ZScaler ZIA.
Enter the following configurations that apply to your ZScaler ZIA account:
-
Name: Enter a name for your connection, such as
ZScaler ZIA SCIM Provisioning. -
(Optional) Description: Enter a description for your ZScaler ZIA provisioning connection.
-
SCIM Base URL: Enter the full URL of your ZScaler ZIA SCIM endpoint, such as
https://zscaler-zia-example.com/v2/. -
Authentication Method: Select OAuth 2 Bearer Token.
-
OAuth Access Token: Enter the SCIM API token provided by ZScaler ZIA.
-
In the Actions section, ensure the following options remain selected:
-
Allow Users to be Created
-
Allow Users to be Updated
-
Allow Users to be Disabled
-
Allow Users to be Deprovisioned
-
-
-
Create an outbound rule and select the ZScaler ZIA connection as the target.
-
Configure attribute mapping for outbound provisioning and map PingOne user attributes to the corresponding attributes expected by ZScaler ZIA.
The Username attribute used for ZScaler ZIA sign-on must be in email address format.
-
Add a user filter to specify which identities should be provisioned. Filters are based on attributes such as population, group membership, or other user details. Learn more in Example user filters.
-
Configure outbound group provisioning and add the groups you created in PingOne for ZScaler ZIA.
-
Confirm users and groups are successfully provisioned to ZScaler ZIA. View the sync status to review synchronization results and any errors. You can find examples in Outbound provisioning sync summary examples.