Zscaler Connector Features & Jobs
The EmpowerID Zscaler Connector synchronizes identity data between EmpowerID and Zscaler so that Zscaler resources can be managed with consistent, up-to-date information on both platforms. EmpowerID inventories and manages Zscaler application segments, their related resources, and access policies.
Supported Zscaler Objects
The Zscaler connector can inventory the following objects:
ZScaler Servers
ZScaler App Connector Groups
ZScaler Server Groups
ZScaler Segment Groups
ZScaler Application Segments
ZScaler Access Policies
ZScaler SCIM Groups
Among these objects, the connector can perform full CRUD operations (insert, delete, update) only on:
ZScaler Application Segment
ZScaler Access Policy
Inventory
Component Inventory Jobs
SyncScimGroupOnZscalerAccessPolicy
Configure the “SyncScimGroupOnZscalerAccessPolicy” component process job on the Zscaler account store so that it runs continuously in the background on its set schedule.
This job's primary function is to assign to an access policy the Azure group that was created for it when the policy was created with the Create Access Policy workflow in EmpowerID. The job continuously checks whether the Azure group created for a new access policy has become available in ZPA (Zscaler Private Access) through provisioning, using the link between the access policy and the Azure group that the workflow records in the ZscalerAccessPolicyGroup table.
Once the Azure group is available in ZPA, the job updates the IsSCIMGroupSet field to true in the ZscalerAccessPolicyGroup table and updates the corresponding access policy associated with the Azure group in ZPA.
This process enforces the zero-trust rule for all applications configured in the access policy using the Azure SCIM group.
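The sketch below models one pass of the job described above. It is an added illustration, not EmpowerID's code: every column name except IsSCIMGroupSet, the in-memory stand-ins for ZPA, the sample data, and the `stale_after` threshold are assumptions. It also reports links that stay pending past the threshold, since an access policy whose group never reaches ZPA never gets its SCIM group assigned.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class PolicyGroupLink:
    """Row modelled on ZscalerAccessPolicyGroup; only IsSCIMGroupSet is named on the page."""
    policy_id: str                   # hypothetical column
    azure_group_name: str            # hypothetical column
    created: datetime                # hypothetical column
    is_scim_group_set: bool = False  # IsSCIMGroupSet


def reconcile(links, zpa_scim_groups, zpa_policies, now, stale_after=timedelta(hours=4)):
    """Bind groups that have reached ZPA; return (updated policy ids, overdue policy ids).

    zpa_scim_groups: {group name: SCIM group id} currently provisioned in ZPA
    zpa_policies:    {policy id: set of SCIM group ids assigned to the policy}
    """
    updated, stale = [], []
    for link in links:
        if link.is_scim_group_set:
            continue  # already bound; skipping keeps repeated runs idempotent
        group_id = zpa_scim_groups.get(link.azure_group_name)
        policy = zpa_policies.get(link.policy_id)
        if group_id is None or policy is None:
            # Group not provisioned yet (or policy missing): retry on the next run,
            # and flag the link once it has been pending longer than stale_after.
            if policy is None or now - link.created > stale_after:
                stale.append(link.policy_id)
            continue
        policy.add(group_id)           # update the access policy first
        link.is_scim_group_set = True  # then record success, so a failed update is retried
        updated.append(link.policy_id)
    return updated, stale


def sample():
    """Constructed sample data: one group provisioned, one overdue, one already bound."""
    now = datetime(2024, 1, 1, 12, 0)
    links = [
        PolicyGroupLink("pol-1", "grp-finance", now - timedelta(minutes=10)),
        PolicyGroupLink("pol-2", "grp-hr", now - timedelta(hours=6)),
        PolicyGroupLink("pol-3", "grp-eng", now - timedelta(hours=1), True),
    ]
    groups = {"grp-finance": "scim-101", "grp-eng": "scim-103"}
    policies = {"pol-1": set(), "pol-2": set(), "pol-3": {"scim-103"}}
    return links, groups, policies, now
```

Alerting on the second returned list gives operators a signal when provisioning of a group to ZPA has stalled.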