Zscaler Internet Access Provisioner

The Zscaler Internet Access Provisioner allows PingFederate to integrate with Zscaler Internet Access for user and group provisioning and single sign-on (SSO).

Features

Manages users and groups in Zscaler Internet Access based on changes in an external data store that is attached to PingFederate.
- Creates, updates, and deletes users
- Allows you to enable the create, update, and delete capabilities independently
- Creates groups and updates group memberships
Supports browser-based SSO initiated by the service provider (SP) or identity provider (IdP)
Pre-populates some connection settings with the included quick connection template

Intended audience

This document is intended for PingFederate administrators.

If you need help during the setup process, see the following resources:

The following sections of the Zscaler Internet Access documentation:
The following sections of the PingFederate documentation:

System requirements

PingFederate 9.0 or later.
A Zscaler Internet Access administrator account.
To allow PingFederate to make outbound HTTPS connections, you might need to allow the following host names in your firewall:
- https://scim.<your_Zscaler_domain>.net