Zscaler
Visualize Zscaler Internet Access (ZIA) resources including accounts, users, roles, sites, applications, policies, and destinations. Monitor security policy configurations, track user access roles, and understand your Zscaler deployment through queries and alerts.
- Installation
- Authorization
- Data Model
- Types
- Release Notes
Installation
The Zscaler integration supports two authentication methods. ZIdentity + OneAPI (OAuth2) is the recommended modern approach, while legacy session-based authentication remains available for backward compatibility.
Configuring the Integration in JupiterOne
To install the Zscaler integration in JupiterOne, navigate to the Integrations tab and select Zscaler. Click New Instance to begin configuring your integration.
Creating an instance requires the following:
-
The Account Name used to identify the Zscaler account in JupiterOne. Ingested entities will have this value stored in
tag.AccountNamewhen theAccountNametoggle is enabled. -
Description to assist in identifying the integration instance, if desired.
-
Polling Interval that you feel is sufficient for your monitoring needs. You may leave this as
DISABLEDand manually execute the integration. -
An authentication method (see below).
Click Create once all values are provided to finalize the integration.
ZIdentity + OneAPI (OAuth2) — Recommended
This method uses OAuth2 Client Credentials via ZIdentity. It requires:
- Client ID: The OAuth2 Client ID from your ZIdentity API client.
- Client Secret: The OAuth2 Client Secret from your ZIdentity API client.
- Vanity Domain: Your Zscaler tenant vanity domain (e.g.,
mycompanyformycompany.zslogin.net). - Zscaler Cloud (optional): The Zscaler cloud environment (e.g.,
zscaler,zscalerone,zscalertwo). Leave blank for the default cloud.
To create OAuth2 credentials:
- Log in to the ZIdentity Admin Portal.
- Create an API client with the Client Credentials grant type.
- Note the Client ID and Client Secret.
- Note your Vanity Domain — this is the subdomain portion of your
zslogin.netURL.
Legacy Authentication (API Key + Session)
This method uses an API key, username, and password to create a session-based connection to the Zscaler ZIA API. It requires:
- API Key: The API key used to authenticate with Zscaler.
- Username: The API user email address.
- Password: The API user password.
- Cloud Name: Your Zscaler cloud instance (e.g.,
zscaler,zscalerone,zscalertwo,zscalerthree,zscloud,zscalerbeta).
To create legacy API credentials:
- Log in to your Zscaler Admin Portal.
- Navigate to Administration > API Key Management.
- Generate or retrieve your API key.
- Note the cloud name from your Zscaler URL (the subdomain before
.net).
See the Zscaler API documentation for more information on generating API keys.
Next steps
Now that your integration instance has been configured, it will begin running on the polling interval you provided, populating data within JupiterOne. Continue on to our Instance management guide to learn more about working with and editing integration instances.
Entities
The following entities are created:
| Resources | Entity _type | Entity _class |
|---|---|---|
| Account | zscaler_account | Account |
| Application | zscaler_application | Application |
| Application Category | zscaler_application_category | Group |
| Destination | zscaler_destination | Record |
| Policy | zscaler_policy | ControlPolicy |
| Policy Control | zscaler_policy_control | Control |
| Role | zscaler_role | AccessRole |
| Site | zscaler_site | Site |
| User | zscaler_user | User |
Relationships
The following relationships are created:
Source Entity _type | Relationship _class | Target Entity _type |
|---|---|---|
zscaler_account | HAS | zscaler_role |
zscaler_account | HAS | zscaler_site |
zscaler_account | HAS | zscaler_application_category |
zscaler_account | HAS | zscaler_application |
zscaler_account | HAS | zscaler_destination |
zscaler_account | HAS | zscaler_policy |
zscaler_account | HAS | zscaler_user |
zscaler_application | HAS | zscaler_application_category |
zscaler_policy | HAS | zscaler_policy_control |
zscaler_user | ASSIGNED | zscaler_role |
Zscaler Account
zscaler_account inherits from Account
| Property | Type | Description | Specifications |
|---|---|---|---|
companyId | number | ||
webLink | string |
Zscaler Application
zscaler_application inherits from Application
| Property | Type | Description | Specifications |
|---|---|---|---|
appClass * | null | string | ||
category * | null | string | ||
categoryId * | null | string | ||
cloudAppCategory * | null | string | ||
riskScore * | null | number | ||
vendor * | null | string |
Zscaler Application Category
zscaler_application_category inherits from Group
| Property | Type | Description | Specifications |
|---|---|---|---|
categoryType * | null | string | ||
configuredName * | null | string | ||
customCategory * | null | boolean | ||
superCategory * | null | string |
Zscaler Destination
zscaler_destination inherits from Record
| Property | Type | Description | Specifications |
|---|---|---|---|
addresses * | null | array | ||
countries * | null | array | ||
destinationType * | null | string | ||
ipAddresses * | null | array | ||
urls * | null | array |
Zscaler Policy
zscaler_policy inherits from ControlPolicy
| Property | Type | Description | Specifications |
|---|---|---|---|
action * | null | string | ||
lastModifiedBy * | null | string | ||
lastModifiedOn * | null | number | ||
order * | null | number | ||
policyType * | null | string | ||
protocols * | null | array | ||
rank * | null | number | ||
state * | null | string |
Zscaler Policy Control
zscaler_policy_control inherits from Control
| Property | Type | Description | Specifications |
|---|---|---|---|
action * | null | string | ||
controlType * | null | string | ||
enabled * | null | boolean | ||
enforcement * | null | string | ||
policyId * | null | number |
Zscaler Role
zscaler_role inherits from AccessRole
| Property | Type | Description | Specifications |
|---|---|---|---|
functionalScope * | null | array | ||
permissions * | null | array | ||
policyAccess * | null | string | ||
rank * | null | number | ||
roleType * | null | string |
Zscaler Site
zscaler_site inherits from Site
| Property | Type | Description | Specifications |
|---|---|---|---|
authRequired * | null | boolean | ||
city * | null | string | ||
country * | null | string | ||
ipAddresses * | null | array | ||
language * | null | string | ||
ports * | null | array | ||
profile * | null | string | ||
sslScanEnabled * | null | boolean | ||
state * | null | string | ||
surrogateIP * | null | string |
Zscaler User
zscaler_user inherits from User
| Property | Type | Description | Specifications |
|---|---|---|---|
adminScopeType * | null | string | ||
disabled * | null | boolean | ||
firstName * | null | string | ||
isPasswordLoginAllowed * | null | boolean | ||
lastLoginTime * | null | number | ||
lastName * | null | string | ||
loginName * | null | string | ||
passwordExpiryTime * | null | number | ||
twoFactorAuthEnabled * | null | boolean |
Release Notes
- 2026-04-15 — Added ZIdentity + OneAPI (OAuth2) as a second authentication method alongside legacy session-based auth.
- 2026-01-12 — Added support for ingesting Zscaler Internet Access data including applications, application categories, destinations, policies, roles, sites, and users.