• Manages users and groups in Zscaler Private Access based on changes in an external data store that is attached to PingFederate.
    • Creates, updates, and deletes users.
    • Allows you to enable the create, update, and delete capabilities independently.
    • Create groups and update group memberships.
  • Browser-based single sign-on (SSO) initiated by the service provider (SP) or identity provider (IdP).
  • Pre-populates some connection settings with the included quick connection template.

Intended audience

This document is intended for PingFederate administrators working with the Zscaler Private Access Provisioner.

Note: If you use Zscaler Internet Access, see the Zscaler Internet Access Connector documentation.
Before you start, you should be familiar with the following:

System requirements

  • PingFederate 9.0 or later.
  • A Zscaler Private Access administrator account.
  • To allow PingFederate to make outbound connections to the Zscaler API, you may need to whitelist the following domain in your firewall.
    • https://scim.your_Zscaler_domain.net