Overview of ZScaler Connector
The ZScaler Connector facilitates integration between EmpowerID and ZScaler environments. It enables EmpowerID to inventory ZScaler objects and perform CRUD operations on specific ZScaler components. This connector allows identity and access management processes to be synchronized seamlessly between EmpowerID and ZScaler systems.
The connector is implemented as a class library (DLL) that directly communicates with the ZScaler API to execute inventory and CRUD operations without intermediary services or microservices. Unlike other connectors, the ZScaler connector does not implement the SCIM microservice.
ZScaler Connector Environment
This section outlines the components and data flow of integrating EmpowerID with ZScaler.
Key Components
ZScaler Connector: Core to the EmpowerID environment, the connector is implemented as a class library (DLL) that initiates requests to execute inventory and CRUD operations in ZScaler. It directly communicates with the ZScaler API without any intermediary services or microservices.
EmpowerID Workflows: These workflows invoke the ZScaler connector to perform CRUD operations on supported ZScaler objects. The workflows are primarily responsible for executing CRUD operations.
ZScaler API: Acts as the primary interface for executing identity-related operations, including inventory synchronization. The connector directly interacts with the ZScaler API endpoints.
Data Flow Process
1 - Request Processing
When a user action in EmpowerID or a workflow initiates a request for ZScaler, the ZScaler Connector processes the request. The connector is an integrated component rather than an independently deployed entity. It generates API calls formatted according to ZScaler's API specifications.
2 - Authentication
The ZScaler connector authenticates to the target ZScaler instance using the ZScaler login URL, client ID, and secret. This information is stored securely in EmpowerID's configuration for the ZScaler resource system. For each API call to the ZScaler API, the connector generates an authentication token using these credentials.
3 - API Communication
After authentication, the connector directly communicates with the ZScaler API to perform inventory and CRUD operations. The connector sends HTTP requests to the appropriate ZScaler API endpoints, where the necessary operations are performed.
4 - Data Synchronization
The connector maintains data consistency through a robust inventory synchronization process between EmpowerID and ZScaler. This synchronization occurs during scheduled inventory operations. The ZScaler connector uses the inbox inventory mechanism, where all ZScaler objects (except SCIM Groups) are stored in the EmpowerID inbox tables. A scheduled job (inbox inventory processor) then synchronizes data from the inbox tables to the staging tables and then to the final ZScaler component tables.
ZScaler Connector Authentication
The ZScaler connector authenticates to the ZScaler API using the following process:
Configuration Storage: The ZScaler login URL, client ID, and secret are stored securely in EmpowerID's configuration for the ZScaler resource system. These authentication parameters are configured when setting up the ZScaler resource system in EmpowerID.
Token Generation: For each API call, the connector retrieves authentication-related information from the configuration and uses it to generate an auth token. Unlike other connectors, the authentication is specific to ZScaler and does not use OAuth 2.0 or OIDC.
API Access: The generated token is used to authorize all subsequent API calls to the ZScaler instance.
No additional authentication mechanisms or intermediary services are involved in the authentication process. The connector directly handles authentication with the ZScaler API using the stored credentials.
Technical Implementation and Configuration
Unlike other connectors, the ZScaler connector is simply a class library (DLL) that is bundled with EmpowerID, not a separate microservice or application. It does not implement the SCIM interface and communicates directly with the ZScaler API. Previous Azure block storage implementations have been removed to focus on core functionality.
Administrators only need to provide the ZScaler login URL, client ID, and secret to configure the connector. These credentials are stored securely in EmpowerID and used for authentication with the ZScaler API.