Secure Internet and SaaS Access (ZIA)
Configuring Role-Based Administration
Zscaler recommends adding roles before adding admins, because you will need to select a role for each admin that you create.
To configure role-based administration:
- Add admin roles or SD-WAN partner API roles.
Admins can add API roles but these roles are never associated with an admin. Instead, an API role is used when configuring an OAuth 2.0 authentication server. The API role is used in the JWT token issued by the authorization server to define the role of the API application client.
To learn more, see Securing ZIA APIs with OAuth 2.0.
- Add admins or SD-WAN partner API clients.
- (Optional) Add auditors.
For example scenarios of role-based administration, see Role-Based Administration Configuration Examples.