Zscaler Private Access Provisioner

The Zscaler Private Access Provisioner allows PingFederate to integrate with Zscaler Private Access for user and group provisioning and single sign-on (SSO).

Features

Manages users and groups in Zscaler Private Access based on changes in an external data store that is attached to PingFederate.
- Creates, updates, and deletes users.
- Allows you to enable the create, update, and delete capabilities independently.
- Create groups and update group memberships.
Browser-based single sign-on (SSO) initiated by the service provider (SP) or identity provider (IdP).
Pre-populates some connection settings with the included quick connection template.

Intended audience

This document is intended for PingFederate administrators working with the Zscaler Private Access Provisioner.

If you use Zscaler Internet Access, see the Zscaler Internet Access Connector documentation.

Before you start, you should be familiar with the following:

The following sections of the Zscaler documentation:
The following sections of the PingFederate documentation:

System requirements

PingFederate 9.0 or later.
A Zscaler Private Access administrator account.
To allow PingFederate to make outbound connections to the Zscaler API, you may need to whitelist the following domain in your firewall.
- https://scim.your_Zscaler_domain.net