What is Zscaler Internet Access?
Zscaler Internet Access (ZIA) is a secure web gateway (SWG) that delivers cloud native, AI-powered cyberthreat protection and zero trust access to the internet and SaaS apps. ZIA prevents advanced attacks and data loss with a comprehensive zero trust approach.
Why Should You Use the Zscaler Internet Access Connector?
The Zscaler Internet Access connector provides visibility into the assets in your environment. You can use this visibility to:
- ensure assets are managed per your security policies
- ensure users are managed per your security policies
- derive relationships between assets, users, applications, and data
How Does This Connector Work?
Meridian executes read-only requests to the Zscaler Internet Access REST API and ingests only metadata about Zscaler Internet Access devices. Meridian does not retrieve any data stored on your assets.
Configuring the Connector in Meridian
| Field | Description | Example |
| --- | --- | --- |
| URL | The URL of the API for Zscaler Internet Access | https://zsapi.zscalerone.net/api/va |
| User Name (legacy) | For legacy authentication. Meridian recommends secure OAuth2 authentication. User email for a Zscaler Internet Access account. | [email protected] |
| Password (legacy) | For legacy authentication. Meridian recommends secure OAuth2 authentication. Password for a Zscaler Internet Access account. | IAmIronMan |
| API Key (legacy) | For legacy authentication. Meridian recommends secure OAuth2 authentication. API Key for Zscaler Internet Access. For more details about adding a new API key, see https://help.zscaler.com/zia/getting-started-zia-api | s0m3rAnd0mKey |
| Client ID | A unique, public identifier issued to the client application during registration with the authorization server | a1b2c3d4-e5f6-7890-abcd-ef1234567890 |
| Client Secret | A secret string used by the client application for authenticating with the ZIA authorization server | eW91cl9jbGllbnRfc2VjcmV0X2hlcmVfZXhhbXBsZV9vbmx5 |
| Scope | Defines the permissions required by the client application to access the ZIA API. When you define a role, you also define the scope. The format is: <Zscaler Cloud Name>::<Org ID>::<API Role> | zscalerbeta.net::8956412::sampleRole |
| Domain | Zscaler Internet Access Vanity Domain (for OAuth2) | Acme |
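
A pre-flight check for the fields in the table above, as an added example (not Meridian's or Zscaler's code): it validates the scope layout, requires an https API URL, and flags legacy credentials. The dict key names are hypothetical, and treating all four OAuth2 fields as required together is an assumption.

```python
from urllib.parse import urlparse

# Field names below are hypothetical keys for a settings dict, not Meridian's own.
LEGACY_FIELDS = ("username", "password", "api_key")
OAUTH_FIELDS = ("client_id", "client_secret", "scope", "domain")


def parse_scope(scope):
    """Split '<Zscaler Cloud Name>::<Org ID>::<API Role>' into its three parts."""
    parts = [p.strip() for p in scope.split("::")]
    if len(parts) != 3 or any(not p or ":" in p for p in parts):
        raise ValueError("scope must be <Zscaler Cloud Name>::<Org ID>::<API Role>")
    return dict(zip(("cloud", "org_id", "role"), parts))


def check_connector_config(cfg):
    """Return a list of findings for the settings dict; an empty list means clean."""
    findings = []
    url = urlparse(cfg.get("url", ""))
    if url.scheme != "https" or not url.netloc:
        findings.append("url: expected an https:// API URL")
    legacy = [f for f in LEGACY_FIELDS if cfg.get(f)]
    oauth = [f for f in OAUTH_FIELDS if cfg.get(f)]
    if legacy and oauth:
        findings.append("legacy fields set alongside OAuth2: " + ", ".join(legacy))
    elif legacy:
        findings.append("legacy authentication in use; OAuth2 is recommended")
    elif not oauth:
        findings.append("no credentials configured")
    if oauth:
        # Assumption: all four OAuth2 fields from the table are filled in together.
        missing = [f for f in OAUTH_FIELDS if not cfg.get(f)]
        if missing:
            findings.append("OAuth2 fields missing: " + ", ".join(missing))
    if cfg.get("scope"):
        try:
            parse_scope(cfg["scope"])
        except ValueError as exc:
            findings.append("scope: " + str(exc))
    return findings


# Constructed sample settings, reusing the example values from the table above.
SAMPLE = {
    "url": "https://zsapi.zscalerone.net/api/va",
    "client_id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
    "client_secret": "placeholder-secret",
    "scope": "zscalerbeta.net::8956412::sampleRole",
    "domain": "Acme",
}

if __name__ == "__main__":
    print(check_connector_config(SAMPLE) or "no findings")
```
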
Source Documentation
Creating Legacy Credentials
To define an admin user, see https://help.zscaler.com/zia/adding-admin-roles
To create an API Key, see the section on Using ZIA Admin Credentials and API Key/Token in https://help.zscaler.com/zia/getting-started-zia-api, or see https://help.zscaler.com/zia/managing-cloud-service-api-key
To locate the API key/token:
- Log in to the ZIA Admin Portal using your admin credentials.
- Go to Administration > Cloud Service API Key Security.
- To view the Cloud Service API Key Management page, the admin must be assigned an admin role that includes the Authentication Configuration functional scope.
- For the cloud service API, on the Cloud Service API Key tab, the base URL and key details are displayed within the table.
Creating OAuth Credentials
- For details about defining a role and scope for OAuth authentication, see:
  https://help.zscaler.com/zia/adding-api-roles
  Add the following to the role:
  - Policy and Components > Device Management > View Only
  - Administrative Controls > User Management > View Only
- For details about the prerequisites for using OAuth with ZIA, see:
  https://help.zscaler.com/legacy-apis/getting-started-zia-api#OAuthPrerequisites
- For details about retrieving the client ID and client secret, see:
  https://help.zscaler.com/legacy-apis/getting-started-zia-api#RetrieveAccessToken
API Documentation
API V1