This document is a work in progress, and the information is not yet complete and might not be fully correct.
Zscaler Connector Features & Jobs
The EmpowerID Zscaler Connector synchronizes identity data between EmpowerID and Zscaler to manage Zscaler resources, keeping information consistent and up to date across both platforms. We inventory and manage Zscaler application segments, their related resources, and access policies in EmpowerID. The following are the Zscaler resources we inventory and can manage:
- Zscaler Servers
- Zscaler App Connector Groups
- Zscaler Server Groups
- Zscaler Segment Groups
- Zscaler Application Segments
- Zscaler Access Policies
- Zscaler SCIM Groups for Azure IDP (Azure groups that are provisioned to ZPA)
- Create, Read, Update and Delete for ZscalerApplicationSegment
- Create ZscalerAccessPolicy
Inventory
Component Inventory Jobs
SyncScimGroupOnZscalerAccessPolicy
Configure the “SyncScimGroupOnZscalerAccessPolicy” component process job in the Zscaler account store so that it runs continuously in the background according to the set schedule.
This job's primary function is to assign to an access policy the Azure group that was created for it when the policy was created with the Create Access Policy workflow in EmpowerID. The workflow records the link between the access policy and the Azure group in the ZscalerAccessPolicyGroup table. Using that link, the job continuously checks whether the Azure group created for a new access policy has become available in ZPA through provisioning.
Once the Azure group is available in ZPA, the job updates the IsSCIMGroupSet field to true in the ZscalerAccessPolicyGroup table and updates the corresponding access policy associated with the Azure group in ZPA.
This process enforces the zero-trust rule for all applications configured in the access policy using the Azure SCIM group.
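The job logic described above, sketched as an added example (not EmpowerID's or Zscaler's code). `FakeZpa`, `PolicyGroupLink`, `sync_pass` and every field name except the one mirroring IsSCIMGroupSet are assumptions, and the ZPA side is an in-memory stand-in rather than the real ZPA API.

```python
from dataclasses import dataclass, field


@dataclass
class PolicyGroupLink:
    """One row modelled on ZscalerAccessPolicyGroup (column names assumed)."""
    policy_id: str
    azure_group_name: str
    is_scim_group_set: bool = False  # mirrors the IsSCIMGroupSet field


@dataclass
class FakeZpa:
    """In-memory stand-in for ZPA; hypothetical, not the real ZPA API."""
    scim_groups: dict                                   # group name -> SCIM id
    policy_groups: dict = field(default_factory=dict)   # policy id -> SCIM ids

    def find_scim_group(self, name):
        return self.scim_groups.get(name)

    def attach_group(self, policy_id, group_id):
        self.policy_groups.setdefault(policy_id, set()).add(group_id)


def sync_pass(links, zpa):
    """One scheduled run: attach groups that have arrived, keep the rest pending."""
    updated, pending = [], []
    for link in links:
        if link.is_scim_group_set:
            continue  # handled by an earlier run, so the pass is idempotent
        group_id = zpa.find_scim_group(link.azure_group_name)
        if group_id is None:
            pending.append(link.policy_id)  # not provisioned yet; retry next run
            continue
        # Ordering is a choice of this sketch: the flag is set only after the
        # policy update, so a failed update is retried on the next run.
        zpa.attach_group(link.policy_id, group_id)
        link.is_scim_group_set = True
        updated.append(link.policy_id)
    return updated, pending


def demo():
    # Constructed sample data: two new policies, one group already provisioned.
    links = [PolicyGroupLink("pol-1", "grp-finance"),
             PolicyGroupLink("pol-2", "grp-hr")]
    zpa = FakeZpa(scim_groups={"grp-finance": "scim-101"})
    first = sync_pass(links, zpa)
    zpa.scim_groups["grp-hr"] = "scim-102"  # provisioning completes later
    second = sync_pass(links, zpa)
    return first, second, zpa.policy_groups


if __name__ == "__main__":
    print(demo())
```

Policies returned in the pending list are the ones whose Azure group has not yet been attached, which is the set to review if a link stays unresolved across many runs.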