Configuring provisioning for ZScaler
Use this task to provision users from IBM® Security Verify to a ZScaler application.
Before you begin
- A configured identity provider
- A ZScaler account with administrator access
About this task
Provisioning provides the following features.
- Create new users
- New users that are created through Verify are also created in the ZScaler application.
- Delete users
- Deactivating the user or disabling the user's access to the application through Verify deletes the user in the ZScaler application.
- Modify user profile
- Updates made to the user's profile through Verify are pushed to the ZScaler application.
- User suspend and restore
- Suspending a user through Verify deactivates the user and restoring the user through Verify activates the user in the ZScaler application.
- User synchronization and remediation
- The ZScaler application supports user synchronization, remediation, and group synchronization
features.
User synchronization fetches all the target application users in Verify and matches the fetched users with users in Verify. The adoption policy that is defined on the application specifies the matching attributes for adoption of the reconciled users.
Remediation policy can be configured to remediate user accounts with attribute values that differ between Verify and the target application. Verify supports the following three remediation policies.- NONE - Do not remediate non-compliant accounts automatically.
- ON_SV - Update Verify account attribute values with the target application values.
- ON_TARGET - Update target application account attribute values with Verify values.
Group synchronization fetches all the target application groups in Verify.
- Fine grained entitlement
- Assignment of groups to users is supported.
Procedure
-
Log in as an admin user to your ZScaler account by using the following URL:
https://admin.zscalerbeta.net
- Navigate to .
- Select the identity provider that you want to modify and click the edit icon.
- In the Provisioning Options section, enable the Enable SCIM Provisioningoption.
- Copy the Base URL.
- Click Generate Token to create a bearer token. The Base URL and token are needed to configure user provisioning in Verify.