Skip to main content
warning

This document is a work in progress, and the information is not yet complete and might not be fully correct.

Create and Manage ZScaler Access Policy

Managing Zscaler access policies in EmpowerID ensures centralized control over user access and security enforcement. By integrating with Zscaler, EmpowerID enables seamless policy creation and management, reducing administrative overhead and ensuring policies remain synchronized across systems.

This article explains how to create and manage Zscaler Access Policies using the `Create Zscaler Access Policy wizard', which simplifies the process by guiding you through policy configuration in EmpowerID, ensuring it is properly created in the downstream Zscaler Account Store.

info

When you run the workflow to create an access policy, the Azure group selected is not immediately assigned to the access policy. This delay occurs because a new Azure group is created in the background during the successful execution of the workflow. More details have been provided in the Zscaler Connecter Features & Jobs article.

  1. Navigate to Applications
    • Go to Resource AdminApplications.
    • Search for the ZScaler application.
    • Click the gear icon and select the Onboard ZScaler Segment menu item.
      image-20240718-054628.png
  2. Select Resource System
    • Search for and select the appropriate Zscaler resource system.
      image-20240718-055330.png
    • Click Next.
  3. Provide Policy Details
    • Name: Enter the prefix to be used for the Access Policy name.
    • Description: Provide a brief description of the Access Policy.
    • Action: Choose between "Allow Access" or "Block Access".
  4. Select Application Segment
    • Search and Select the Application Segment
  5. Input Group Details
    • Create SCIM Group: Indicates a SCIM Group will be created (cannot be unchecked since it is by default).
    • Create App Right with the same Fulfillment Group: If checked, an AzLocalRight will be created.
    • Group Name: Prefix for the SCIM Group name.
    • Group Type: Select the appropriate type (e.g., Microsoft 365 Group / Security Group).
  6. The Access Policy will be created in EmpowerID and synchronized with ZScaler.

View Access Policy

  1. On the navbar, expand Identity Administration and click Specialized Systems.
  2. Click on ZScaler Manager
  3. Select the Access Policy tab.
    image-20240708-084717.png
  4. Click the Name link for the policy. This directs you to the details page for the access policy. There, you can find the ZscalerAccessPolicyGroups and applications associated with the server.
    image-20240708-085114.png

See Also

View Zscalar Resources