With RSA happening this week and security top of mind, I’m excited to announce the public preview of automated user provisioning for Zscaler. This expansion of our partnership with Zscaler enables automated, policy-based provisioning and deprovisioning of user accounts for Zscaler’s single sign-on (SSO) apps across all production clouds.
With both Zscaler and Azure Active Directory (Azure AD) supporting the System for Cross-domain Identity Management (SCIM) 2.0 standard protocol, our joint customers can now use the Azure AD provisioning service to automate the lifecycle of user and group accounts for Zscaler. IT teams can use this SCIM integration to perform a user database sync with the Zscaler security cloud.
Zscaler customers can benefit by:
Eliminating manual processes: No more manual, error-prone processes to create, update, or disable employee user accounts for Zscaler applications when employees join, move within, or leave the company.
Increasing timely access: Reduce the time it takes for your employees to get access to Zscaler applications when they join your company.
Increasing security: Automatically disable user accounts for Zscaler applications in a timely fashion when employees leave the organization.
With the Azure AD automatic provisioning service, you can quickly deploy Zscaler applications throughout your organization and increase adoption while keeping your corporate assets safe. In addition, with always up-to-date user data, you can quickly adapt policy controls in response to changes in user security posture.
How to set up provisioning for your Zscaler application
If your Zscaler application is already integrated with Azure AD SSO, search for the application in Azure Active Directory > Enterprise Apps > All applications.
If you’re adding the application for the first time, select New applications and search for your desired Zscaler application.
Once you’ve added your Zscaler application, you can configure the app for provisioning.
After you configure and test your Zscaler application for provisioning, you can create attribute mappings between Azure AD and the Zscaler application. You’ll be able to view and edit what user attributes flow between Azure AD and the Zscaler application, as well as when user accounts are provisioned or updated.
To learn more about setting up your Zscaler application with the Azure AD automatic provisioning service, review our documentation and visit the Zscaler product page for more details. Let us know what you think in the comments below. As always, we’d love to hear any feedback or suggestions you have.
Alex Simons (@Alex_A_Simons), Corporate VP of Program Management, Microsoft Identity Division