With this provisioning method, you can upload user information to the Zscaler database by simply adding the information manually in the ZIA Admin Portal, importing the information from a CSV (Comma-Separated Value) file, or using the Zscaler Authentication Bridge. There is no limit to the number of users that an organization can store in the database.

When users are added directly to the Zscaler database, password-based authentication is the default authentication method. The passwords are uploaded with the username, group and department information, and they are stored in the database in an encrypted format. You can define the complexity of passwords and configure expiry periods. For additional security, you can require users to enter a password that is different from their corporate password.

The Zscaler Central Authority (CA) authenticates users according to the method configured for the organization. With password-based authentication, the CA displays the password request form to the user after it receives the request with the username from the ZIA Public Service Edge. After the user submits the password, the CA matches it with the password in the database. It authenticates the user when it finds a match.

Configuring the Hosted User Database

To configure the Hosted User Database as your provisioning method:

• 1. Enable Enforce Authentication for the Location

  To enable authentication for a location:

  1. Go to Administration > Location.
  2. Click the Edit icon next to the location.

  The Edit Location window appears.

  3. In the Edit Location window, enable Enforce Authentication.
  4. Click Save and activate the change.

  Close
• 2. Configure the Hosted User Database

  To configure the Zscaler Hosted User Database:

  1. Go to Administration > Authentication Settings.
  2. In the Authentication Profile section:
     • Directory Type: Choose Hosted DB.
     • Authentication Frequency: Choose how often users are required to authenticate to the Zscaler service. If you select Custom, specify 1 to 180 days.
     • Authentication Type: Choose Form-Based.
     • Temporary Authentication: Choose One-Time Token or One-Time Link if you would like to use a temporary authentication method.
     • Password Strength: Choose one of the following options:
       • None: Have no restriction on the strength or complexity of the passwords. This is the default.
       • Medium: Require users to set passwords that are at least eight characters long and contain at least one non-alphabetic character. Only ASCII characters are allowed.
       • Strong: Require users to set passwords that are at least eight characters long and contain at least one digit, one capital letter, and one special character. Only ASCII characters are allowed.
     • Password Expiry: Choose the duration after which users must change their passwords. The default is Never.
  3. Click Save and activate the change.

  Close
• 3. Add Users, Groups, and Departments in Database

  To add users, groups, and departments in the Zscaler database:

  1. Go to Administration > User Management.
  2. In the Users tab, you can:
     • Manually add each user along with their group and department
     • Import a CSV file with user information
     • Use the Zscaler Authentication Bridge to import user information

  Close

Troubleshooting

If a hosted user is unable to authenticate, go to Administration > User Management and verify the user's User ID and Password. The user might have entered an incorrect password, so try resetting it.