Zscaler Private Access Provisioner

The Zscaler Internet Access Provisioner allows PingFederate to integrate with Zscaler Internet Access for user and group provisioning and single sign-on (SSO).

Features

Manages users and groups in Zscaler Internet Access based on changes in an external data store that is attached to PingFederate.
- Creates, updates, and deletes users.
- Allows you to enable the create, update, and delete capabilities independently.
- Create groups and update group memberships.
Browser-based single sign-on (SSO) initiated by the service provider (SP) or identity provider (IdP).
Pre-populates some connection settings with the included quick connection template.

Intended audience

This document is intended for PingFederate administrators working with the Zscaler Internet Access Provisioner.

If you use Zscaler Private Access, see the Zscaler Internet Access Connector documentation.

Before you start, you should be familiar with the following:

The following sections of the Zscaler documentation:
The following sections of the PingFederate documentation:

System requirements

PingFederate 9.0 or later.
A Zscaler Internet Access administrator account.
To allow PingFederate to make outbound connections to the Zscaler API, you may need to whitelist the following domain in your firewall.
- https://scim.your_Zscaler_domain.net