Documentation
Zscaler Connectors
Developer Center
Zscaler Legacy
Secure Internet and SaaS Access (ZIA) Help
- Getting Started
- Understanding the ZIA Cloud Architecture
- Step-by-Step Configuration Guide for ZIA
- Accessing and Using the Executive Insights App
- Admin Portal
- Accessing and Navigating the ZIA Admin Portal
- What Is My Cloud Name for ZIA?
- Viewing Subscriptions
- About Zscaler Data Privacy
- Accepting the End User Subscription Agreement (EUSA)
- About the Company Profile
- About Notification
- Customizing Your Admin Account Settings
- Saving and Activating Changes in the ZIA Admin Portal
- Editing, Deleting, or Duplicating Items
- Using Tables
- Searching on the Admin Portal
- Using the Zscaler Help Browser
- Checking for IP Addresses on the Denylist
- Ranges & Limitations
- Supported Browsers for ZIA
- Zscaler Service Continuity Customer Notification Protocol
- Reference Architecture
- Data Protection with Secure Internet and SaaS Access
- Local Inspection with ZIA Private Service Edge and Virtual Service Edge
- TLS/SSL Inspection with Zscaler Internet Access
- Traffic Forwarding in Zscaler Internet Access
- User Provisioning and Authentication to Zscaler Services
- Zscaler DNS Security and Control
- Authentication & Administration
- Administrator & Role Management
- Configuring Role-Based Administration
- Role-Based Administration Configuration Examples
- Understanding Administrator Management Settings
- Configuring Password Expiration
- Configuring Restricted Access for Admins
- Configuring Advanced Configuration for Admins
- Obfuscating User Names for Admins
- Obfuscating Device Information for Admins
- About Auditors
- Adding Auditors
- About Audit Logs
- About Event Logs
- Administrators
- Role Management
- SAML for Admins
- User Management & Authentication Settings
- About Provisioning and Authenticating Users
- Choosing Provisioning and Authentication Methods
- About Authentication Default Settings
- Configuring the Default Authentication Profile
- Configuring the Hosted User Database
- Managing Forced Reauthentication
- Configuring a One-Time Token or One-Time Link
- About User Authentication Frequency
- About Authentication Profiles
- Configuring Custom Authentication Timeout Profiles
- About Zscaler Cookies
- About Surrogate IP
- Exempting URLs and Cloud Apps from Authentication
- Recommended Security Settings for Microsoft Edge Browser
- ZIA Authentication Error Codes
- User Management
- Users
- Groups
- Departments
- SAML & SCIM
- About Identity Providers
- Adding Identity Providers
- Adding the Zscaler Client Connector as an IdP
- Understanding SAML
- Configuring SAML
- Logging Out from Zscaler While Using SAML
- Troubleshooting SAML
- Understanding SCIM
- Configuring SCIM
- SCIM API Examples
- Active Directory with LDAP to SCIM Provisioning Migration Guide
- SAML & SCIM Configuration Guide for Microsoft Entra ID
- SAML & SCIM Configuration Guide for Okta
- SAML & SCIM Configuration Guide for PingFederate
- SAML Configuration Guide for AD FS 3.0
- SAML Configuration Guide for AD FS 2.0
- SAML & SCIM Configuration Guide for Google Apps
- SAML Configuration Guide for OneLogin
- SAML Configuration Guide for CA Single Sign-On
- Active Directory & LDAP
- Kerberos Authentication
- About Kerberos Authentication
- Kerberos Authentication Deployment Guidelines
- Kerberos Trust Relationship Configuration Guide for Windows Server & GPO Push
- Kerberos Trust Relationship Configuration Guide for Linux Server
- Using the Default Zscaler Kerberos PAC File
- Troubleshooting Kerberos Authentication
- ZIA Error Codes for Kerberos Authentication
- Basic Authentication
- Zscaler Authentication Bridge
- Identity Proxy Settings
- Certificates
- Alerts
- End User Notifications (EUNs)
- Browser EUNs
- Templates
- Global Configuration
- Zscaler Client Connector EUNs
- Backup & Restore
- API Security
- About Cloud Service API Key
- Managing Cloud Service API Key
- About Sandbox API Token
- Managing Sandbox API Token
- Securing ZIA APIs with OAuth 2.0
- About OAuth 2.0 Authorization Servers
- Managing OAuth 2.0 Authorization Servers
- OAuth 2.0 Configuration Guide for Okta
- OAuth 2.0 Configuration Guide for Microsoft Entra ID
- SNMP MIBs
- Traffic Forwarding
- Choosing Traffic Forwarding Methods
- Best Practices for Traffic Forwarding
- Handling DNS Resolution for Various Traffic Forwarding Methods
- Understanding Zscaler Authoritative DNS Servers
- About Subclouds
- Understanding Subclouds
- Editing a Subcloud
- About Data Center Exclusion Based on Traffic Forwarding Method
- Excluding a Data Center Based on Traffic Forwarding Method
- About Static IP
- Self-Provisioning of Static IP Addresses
- Importing Static IP Address from a CSV File
- Understanding Multi-Cluster Load Sharing
- Understanding Proxy Mode
- Determining Optimal MTU for GRE or IPSec Tunnels
- Implementing Zscaler in No-Default Route Environments
- Alternative Options to Caching Web Traffic
- Troubleshooting Users' Traffic not Going to the Nearest ZIA Public Service Edge
- Configuring Disaster Recovery
- Zscaler Traffic Bypasses
- GRE
- Understanding Generic Routing Encapsulation (GRE)
- GRE Deployment Scenarios
- About GRE Tunnels
- Self-Provisioning of GRE Tunnels
- Importing GRE Tunnels from a CSV File
- Configuring GRE Tunnels
- GRE Configuration Guide for Juniper SRX
- GRE Configuration Guide for Cisco 881 ISR
- Locating the Virtual IP Addresses for ZIA Public Service Edges
- IPSec
- Understanding IPSec VPNs
- Configuring an IPSec VPN Tunnel
- About VPN Credentials
- Adding VPN Credentials
- Importing VPN Credentials from a CSV File
- IPSec VPN Configuration Guide for Cisco ASA 55xx
- IPSec VPN Configuration Guide for Cisco 881 ISR
- IPSec VPN Configuration Guide for Juniper SRX
- IPSec VPN Configuration Guide for Juniper SSG 20
- IPSec VPN Configuration Guide for FortiGate Firewall
- IPSec VPN Configuration Guide for Palo Alto Networks Firewall
- IPSec VPN Configuration Guide for SonicWall TZ 350
- Locating the Hostnames and IP Addresses for ZIA Public Service Edges
- PAC Files
- Using PAC Files
- Writing a PAC File
- Best Practices for Writing PAC Files
- Firewall Requirements for Using PAC Files
- Using Default PAC Files to Forward Traffic to ZIA
- Using Custom PAC Files to Forward Traffic to ZIA
- Forwarding Traffic Based on User's Location Using PAC Files
- Load Balancing for PAC Forwarded Traffic
- Distributing a PAC File URL to Users
- Configuring Internet Explorer to Use a PAC File
- Configuring Google Chrome to Use a PAC File
- Configuring Mozilla Firefox to Use a PAC File
- Configuring Safari to Use a PAC File
- Zscaler Client Connector
- Getting Started
- Reference Architecture
- Administration
- Zscaler Client Connector Notifications
- API Key Management
- Zscaler Client Connector Store Settings
- Zscaler Client Connector Support Settings
- App Supportability
- About App Supportability
- Configuring User Access to Logging Controls for Zscaler Client Connector
- Configuring User Access to Support Options for Zscaler Client Connector
- Configuring User Access to the Restart and Repair Options for Zscaler Client Connector
- Configuring Automatic Username Population for IdP Authentication
- Configuring Automatic ZPA Reauthentication
- Registering Devices with ZPA IdP Username
- Network Performance
- App Fail Open
- User Privacy
- About User Privacy
- Configuring Zscaler Client Connector to Collect Device Owner Information
- Configuring Zscaler Client Connector to Collect Hostnames
- Enabling Packet Capture for Zscaler Client Connector
- Configuring Automatic Crash Reporting for Zscaler Client Connector
- Configuring Zscaler Client Connector to Collect ZDX Location Information
- Allow Users to Override Z-Tunnel 2.0 or ZPA Protocol Settings
- Allowing Non-Administrator Users Access to Zscaler Client Connector Log Files
- Restricting Remote Packet Capture
- Endpoint Integration
- Advanced Configuration
- Zscaler Client Connector Profile Management
- About Zscaler Client Connector App Profiles
- Configuring Zscaler Client Connector App Profiles
- Searching for a Zscaler Client Connector Profile
- Zscaler Client Connector Profile Rule Example
- Viewing the Policy Token for a Zscaler Client Connector Profile
- Anti-Tampering for Zscaler Client Connector
- Configuring a Default Global Log Mode
- Configuring a Cellular Quota with Zscaler Client Connector for Android
- Syncing Directory Groups between the ZIA Admin Portal and Zscaler Client Connector Portal
- Best Practices for Adding Bypasses for Z-Tunnel 2.0
- About Application Bypass
- Adding IP-Based Applications to Bypass Traffic
- Adding Process-Based Applications to Bypass Traffic
- Zscaler Endpoint Data Loss Prevention (DLP) Integration with Zscaler Client Connector
- About Business Continuity
- Device Posture Profiles
- Forwarding Traffic Management
- About Forwarding Profiles
- Configuring Forwarding Profiles for Zscaler Client Connector
- Using the Windows Filter Driver for Zscaler Client Connector
- Searching for a Forwarding Profile
- About Trusted Networks
- Configuring Trusted Networks for Zscaler Client Connector
- Searching for a Trusted Network
- About Z-Tunnel 1.0 & Z-Tunnel 2.0
- Configuring Dedicated Proxy Ports
- Managing Devices
- Platform and Authentication Management
- About Platform Settings
- Enabling Browser-Based Authentication
- Using WebView2 Authentication
- Enabling Resizing of the Zscaler Client Connector Authentication Window
- About Zscaler Client Connector IdP
- Using Zscaler Client Connector Portal as an Identity Provider
- Creating a Device Token
- Customizing the Zscaler Client Connector User Agent
- Configuring Passwords for Access in Unattended Mode
- Zscaler Client Connector and Imprivata Integration
- ZPA Partner Login
- Zscaler Service Entitlement
- About Zscaler Service Entitlement
- Enabling ZPA for a Group of Users
- Configuring ZPA Machine Tunnel for All
- Enabling ZDX for All Users
- Enabling ZDX for a Group of Users
- Enabling Deception for a Group of Users
- About Device Groups
- Creating Device Groups
- Searching for Device Groups
- Enabling ZPA for Device Groups
- Enabling Zscaler Deception for Device Groups
- Enabling ZDX for Device Groups
- Enabling ZIA for Device Groups
- Downloading & Deployment
- Understanding Zscaler Client Connector App Downloads
- Configuring Zscaler Client Connector for Microsoft 365 Cloud PCs
- Customizing Zscaler Client Connector with Install Options for MSI
- Customizing Zscaler Client Connector with Install Options for EXE
- Customizing Zscaler Client Connector with Install Options for macOS
- Customizing Zscaler Client Connector with Install Options for Linux
- Customizing Zscaler Client Connector with Install Options for Android
- Customizing Zscaler Client Connector with Install Options for iOS
- Dual Tunnel Feature Configuration with Jamf Pro for iOS
- Dual Tunnel Feature Configuration with Microsoft Intune for iOS
- Blocking LAN Access
- Best Practices for Zscaler Client Connector Deployment
- Best Practices for Updating Latest Versions of Zscaler Client Connector Application
- Uninstalling Zscaler Client Connector
- Reverting Zscaler Client Connector to the Previous Version
- Upgrading Zscaler Client Connector
- Monitoring Usage
- Understanding the Zscaler Client Connector Dashboard
- About Enrolled Devices
- Viewing Device Fingerprint for an Enrolled Device
- Device States for Enrolled Devices
- Accessing One-Time Passwords for Enrolled Devices
- About Machine Tunnels
- About Zscaler Client Connector Integration with Deception
- About Partner Devices
- Viewing Device Fingerprint Information for a Partner Device
- Interacting with Zscaler Client Connector Remotely
- Interoperability
- Implementing Zscaler Client Connector in No Default Route Environments
- Domain Validation in Zscaler Client Connector for ZPA Applications
- Best Practices for Zscaler Client Connector and VPN Client Interoperability
- Zscaler Client Connector and Charles Proxy Interoperability
- Zscaler Client Connector Processes to Allowlist
- Allowing Traffic to the ID Federation URL by Bypassing Zscaler Client Connector
- Enrolling Zscaler Client Connector Users When Using a Proxy
- Using Fiddler with Zscaler Client Connector
- Best Practices for Using PAC Files with Zscaler Client Connector
- Zscaler Client Connector API
- API Developer & Reference Guide
- Reference Guide
- Troubleshooting
- AppArmor Causes Auto-Upgrade to Zscaler Client Connector version 3.7.1 for Linux to Fail
- Zscaler Client Connector Errors
- Zscaler Client Connector: Windows Registry Keys
- Zscaler Client Connector: Connection Status Errors
- Zscaler Client Connector: ZPA Authentication Errors
- Captive Portal Sign-In Fails for Chromebook Users
- Zscaler Client Connector Displays Blank Page
- Firewall Posture Check Failure on macOS Sequoia
- Microsoft Outlook and Microsoft Teams Not Accessible
- Login Failure in Zscaler Client Connector for Android on ChromeOS version 1.12
- Browser-Based Authentication Fails When Using Certain Browsers to Launch Zscaler Client Connector for Linux and Windows
- DNS Request Failure in Zscaler Client Connector version 4.1.0.89
- DNS Resolution Failure in Zscaler Client Connector for Android on ChromeOS version 1.12
- Upgrading to Zscaler Client Connector 3.7 for Windows
- Missing Zscaler Client Connector GNOME Tray icon for Linux
- Upgrading to Windows 10, Version 2004
- Supporting M1 Processors
- Upgrading to macOS Big Sur
- Upgrading to macOS Catalina
- Upgrading to Android 10
- Using Zscaler Client Connector with Cisco AnyConnect on macOS Catalina
- Resolving Update Issues to Zscaler Client Connector 1.4.3
- Login Failures with Zscaler Client Connector Using Active Directory
- Downgrading Zscaler Client Connector to an Earlier Version
- Resolving Zscaler Client Connector Linux 1.2 DNS Configuration Issues for VPNs
- Resolving Auto-Update Issues for Zscaler Client Connector Linux 1.2
- Upgrading to Zscaler Client Connector version 1.9 for Android
- End User Guide
- Using Zscaler Client Connector
- Locating Where Zscaler Client Connector is Installed on Your Device
- Enrolling in the Zscaler Service on Zscaler Client Connector
- Viewing Information About Zscaler Client Connector
- Viewing Information About Private Access on Zscaler Client Connector
- Viewing Information About Internet Security on Zscaler Client Connector
- Viewing Information About Digital Experience on Zscaler Client Connector
- Viewing Information About Zscaler Endpoint DLP on Zscaler Client Connector
- Viewing Notifications on Zscaler Client Connector
- Zscaler Client Connector: Pop-Up Notifications
- Self Service Notifications in Zscaler Client Connector
- Reporting an Issue with Zscaler Client Connector
- Using Zscaler Diagnostics
- Troubleshooting Zscaler Client Connector
- Adding a Partner Tenant to Zscaler Client Connector
- Deprovisioning Your Device from Zscaler Client Connector
- Release Notes
- Zscaler Client Connector Portal Release Notes
- Zscaler Client Connector Release Notes (per OS)
- Zscaler Client Connector - ZDX Module Release Notes (per OS)
- Proxy Chaining
- Location Management
- About Locations
- Configuring Locations
- Understanding Sublocations
- Configuring Sub-Locations
- Configuring Multiple Locations and Sub-Locations
- Downloading Location and Sub-Location Information to a CSV File
- Importing Location and Sub-Location Information from a CSV File
- Configuring Dedicated Proxy Ports
- Configuring a Location Without a Static Public IP Address
- About Location Groups
- Configuring Manual Location Groups
- Configuring Dynamic Location Groups
- Configuring Azure Virtual WAN Locations
- Service Edges
- Maintenance Support for Virtual Service Edge
- Choosing Between Private Service Edges and Virtual Service Edges
- Firewall Configuration Requirements for Private Service Edge Deployments
- Using PAC Files for Private Service Edge Deployments
- Monitoring Virtual Service Edge Clusters
- Maintenance Support for Private Service Edge
- Troubleshooting Virtual Service Edges
- Public Service Edge
- Private Service Edge
- Virtual Service Edge
- About Virtual Service Edges
- About Virtual Service Edge Clusters
- Configuring Virtual Service Edge Clusters
- Using an External Load Balancer for Virtual Service Edge Clusters
- Configuring Virtual Service Edge for Microsoft Azure
- Configuring Virtual Service Edge for Amazon Web Services
- Configuring Virtual Service Edge for Amazon Web Services with GWLB
- Configuring Virtual Service Edge for Microsoft Hyper-V
- Configuring Virtual Service Edge for Google Cloud Platform
- Adding Virtual Service Edge Instances
- Adding Virtual Service Edge Clusters
- Downloading a Virtual Service Edge VM
- Downloading Virtual Service Edge Certificates
- Configuring Virtual Service Edge and NTP Server Synchronization
- Virtual Service Edge Configuration Guide for Dual Arm Mode
- Forwarding Traffic to Virtual Service Edges
- China Premium Access
- IPv6
- Traffic Capture
- Extranet
- Policies
- Configuring Advanced Settings
- Understanding Policy Enforcement
- Configuring Policies for Unauthenticated Traffic
- About Rule Labels
- Adding a Rule Label
- About Devices
- About Device Groups
- About Time Intervals
- Understanding Workload Groups
- About Workload Groups
- Configuring Workload Groups
- Defining Time Intervals
- Printing Policies
- Accessing the Zscaler Deception Admin Portal using SSO
- About User Confirmation Notification Templates
- Configuring User Confirmation Notification Templates
- Configuring Settings for User Confirmation Notification Templates
- Advanced Threat Protection
- Bandwidth Control & Classes
- About Bandwidth Control
- Configuring the Bandwidth Control Policy
- Adding Rules to the Bandwidth Control Policy
- Bandwidth Control Policy Example
- About Bandwidth Classes
- Adding Bandwidth Classes
- Configuring the Web Conferencing Applications Bandwidth Class
- Configuring the VoIP Applications Bandwidth Class
- Configuring the Large Files Bandwidth Class
- Browser Control
- Secure Browsing
- Cloud Apps
- Cloud App Control Policies
- About Cloud App Control
- Understanding Cloud App Categories
- Adding Rules to the Cloud App Control Policy
- Adding an AI & ML Applications Rule for Cloud App Control
- Adding a Collaboration & Online Meetings Rule for Cloud App Control
- Adding a Consumer Rule for Cloud App Control
- Adding a Custom Applications Rule for Cloud App Control
- Adding a DNS Over HTTPS Services Rule for Cloud App Control
- Adding a File Sharing Rule for Cloud App Control
- Adding a Finance Rule for Cloud App Control
- Adding a Health Care Rule for Cloud App Control
- Adding a Hosting Providers Rule for Cloud App Control
- Adding a Human Resources Rule for Cloud App Control
- Adding an Instant Messaging Rule for Cloud App Control
- Adding an IT Services Rule for Cloud App Control
- Adding a Legal Rule for Cloud App Control
- Adding a Productivity & CRM Tools Rule for Cloud App Control
- Adding a Sales & Marketing Rule for Cloud App Control
- Adding a Social Networking Rule for Cloud App Control
- Adding a Streaming Media Rule for Cloud App Control
- Adding a System & Development Rule for Cloud App Control
- Adding a Webmail Rule for Cloud App Control
- Cloud Applications
- Cloud Application Instances
- Office 365
- Tenant Restriction
- Risk Profiles
- Data Loss Prevention
- About Data Loss Prevention
- Configuring DLP Policy Rules with Content Inspection
- Configuring DLP Policy Rules without Content Inspection
- Configuring DLP Policy Rules with Evaluate All Rules Mode Enabled
- Configuring DLP Advanced Settings
- Monitoring or Blocking Outbound Content by Data Size
- DLP Policy Configuration Example: Match Only
- Step-by-Step Configuration Guide for Webex Teams Real-Time DLP
- Accessing the DSPM Admin Portal using SSO
- DLP Dictionaries & Engines
- About DLP Dictionaries
- Understanding Predefined DLP Dictionaries
- Editing Predefined DLP Dictionaries
- Cloning Predefined DLP Dictionaries
- Adding Custom DLP Dictionaries
- Defining Patterns for Custom DLP Dictionaries
- Defining Phrases for Custom DLP Dictionaries
- Defining Microsoft Information Protection Labels for Custom DLP Dictionaries
- About DLP Engines
- Understanding DLP Engines
- Editing Predefined DLP Engines
- Adding Custom DLP Engines
- Cloning DLP Engines
- DLP Incident Receiver
- About Zscaler Incident Receiver
- Adding a Zscaler Incident Receiver
- Configuring the Zscaler Incident Receiver for On-Premises VMs
- Configuring the Zscaler Incident Receiver for Amazon Web Services EC2 VMs
- Configuring the Zscaler Incident Receiver for Azure VMs
- About ICAP Receivers for DLP
- About ICAP Communication Between Zscaler and DLP Servers
- Enabling Secure ICAP
- Enabling Unencrypted ICAP
- Adding an ICAP Receiver for DLP
- Configuring the ICAP Server with the Mutual Transport Layer Security (MTLS) CA Certificate
- DLP Index Tool
- DLP Exact Data Match
- DLP Indexed Document Match
- Labels and Tags
- Notification Templates
- Endpoint Data Loss Prevention
- About Endpoint Data Loss Prevention
- Step-by-Step Configuration Guide for Zscaler Endpoint DLP
- Understanding Endpoint Policy Enforcement
- Configuring Endpoint DLP Policy Rules
- About DLP Resources
- Adding DLP Resources
- Editing DLP Resources
- Adding a DLP Resource Group
- Editing a DLP Resource Group
- Endpoint Data Scan
- Accessing and Navigating the Endpoint Data Scan Report
- About Endpoint Data Scan
- About User Investigation
- Analyzing Endpoint DLP Scan for a User
- Configuration
- Device Control
- Inventory
- Outbound Email Data Loss Prevention
- What Is Zscaler Outbound Email DLP?
- Step-by-Step Configuration Guide for Zscaler Outbound Email DLP
- Understanding Outbound Email Policy Enforcement
- About Email Tenants
- Adding Email Tenants
- Editing Email Tenants
- Configuring Gmail for Zscaler Outbound Email DLP
- Configuring Microsoft Exchange for Zscaler Outbound Email DLP
- About Email Profiles
- Adding Email Profiles
- Editing Email Profiles
- About Outbound Email Policy
- Configuring Outbound Email Policy Rules
- File Type Control
- Firewall
- Understanding Firewall Capabilities
- Configuring Firewall Policies
- Enabling the Firewall for Locations
- Firewall HTTP Tunnel Connectivity
- Configuring Custom Ports
- ZIA & Application Layer Gateway Enabled Applications
- Firewall Control
- DNS Control
- FTP Control
- IPS Control
- Firewall Policy Resources
- About Network Services
- Configuring Network Services
- About Network Service Groups
- Configuring Network Service Groups
- About Network Applications
- About Network Application Groups
- Configuring Network Application Groups
- About Application Service Groups
- About Source IP Groups
- Configuring Source IP Groups
- About Destination IP Groups
- Configuring Destination IP Groups
- About DNS Application Groups
- Configuring DNS Application Groups
- About IP Pool
- About Threat Categories
- Adding Threat Categories
- About EDNS Client Subnet (ECS) Injection
- Adding EDNS Client Subnet (ECS) Prefixes
- About DNS Gateways
- Adding DNS Gateways
- Forwarding Control
- Dedicated IP
- Customer-Managed Dedicated IP (Source IP Anchoring)
- Zscaler-Managed Dedicated IP
- Third-Party Proxy Chaining
- Malware Protection
- Mobile Security
- Mobile Malware Protection
- Zscaler Client Connector Deployment
- Mobile App Store Control
- SaaS Security
- SaaS Application Tenants
- Data at Rest Scanning Policies
- Understanding the Data at Rest Scanning Policy
- About Data at Rest Scanning DLP
- Configuring the Data at Rest Scanning DLP Policy
- Configuring the Data at Rest Scanning DLP Policy Exceptions
- About Data at Rest Scanning Malware Detection
- Configuring the Data at Rest Scanning Malware Detection Policy
- Configuring the Data at Rest Scanning Malware detection Policy Exceptions
- About SaaS Security Scan Configuration
- Understanding SaaS Security Scan Schedules
- Configuring SaaS Security Scan Schedules
- Configuring the Data at Rest Scanning Exceptions
- Rights Management
- 3rd-Party App Governance
- Getting Started
- What Is 3rd-Party App Governance?
- Step-by-Step Configuration Guide for 3rd-Party App Governance
- Accessing and Navigating the 3rd-Party App Governance Admin Portal
- SAML Configuration Guide for Okta
- Connecting Your Platforms
- Find Your Application IDs
- Using 3rd-Party App Governance
- About the 3rd-Party App Governance Dashboard
- About the App Inventory
- App Inventory Filters
- Searching for Apps
- Custom Views
- Pre-Vetting Apps
- Uploading Apps in Bulk
- Taking Bulk Actions on Apps
- Revoking and Banning Apps
- Configuring End User Review
- About the App Panel
- Updating the App Risk Score
- Updating the App Finding Status
- About User Inventory
- About the User Panel
- 3rd-Party App Governance Policies
- Posture Management
- Posture Management - Essentials
- Posture Management - Advanced
- Sandbox
- SSL Inspection
- About Secure Sockets Layer (SSL)
- About SSL Inspection
- Supported Cipher Suites in SSL Inspection
- Safeguarding SSL Keys and Data Collected during SSL Inspection
- Adding Custom Certificate to an Application-Specific Trust Store
- About SSL Inspection Policy
- Configuring SSL Inspection Policy
- About Intermediate CA Certificates
- Choosing the CA Certificate for SSL Inspection
- Signing a CSR Using the Active Directory Certificate Services
- Configuring Software Protection Intermediate CA Certificate
- Configuring Cloud HSM Protection Intermediate CA Certificate
- Deployment Scenarios for SSL Inspection
- Certificate Pinning and SSL Inspection
- Best Practices for Testing and Rolling Out SSL Inspection
- URL Filtering
- About URL Filtering
- URL Format Guidelines
- Configuring the URL Filtering Policy
- About URL Categories
- Configuring Custom URL Categories
- About Bulk URL Upload Tool
- About TLD Categories
- Configuring TLD Categories
- Recommended URL & Cloud App Control Policy
- Configuring Advanced Policy Settings
- Adding URLs to the Allowlist
- Enforcing User-Based URL Policies on HTTPS Traffic
- About CIPA Compliance
- Looking Up URLs in the ZIA Admin Portal
- Looking Up URLs in Site Review
- ICAP Receivers
- Workflow Automation
- Data Protection
- Getting Started
- Incident Group
- Setup
- Configuring the DLP Application Integration Using Amazon Web Services
- Configuring the DLP Application Integration Using Azure
- Adding Integrations
- Managing DLP AWS Application Integrations in Workflow Automation
- Managing DLP Azure Application Integrations in Workflow Automation
- Managing Workflow Automation Integration with Slack
- Managing Workflow Automation Integration with Microsoft Teams
- Managing Workflow Automation Integration with ServiceNow
- Managing Workflow Automation Integration with Jira Software
- Managing Roles and Permissions
- Managing Admin Assignments
- Managing Priorities
- Managing Approvers
- Managing Notification Templates
- Adding Email Notification Templates
- Adding Slack Notification Templates
- Adding Microsoft Teams Notification Templates
- Managing Survey Templates
- Managing Incident and Digest Template Mappings
- Managing Account Settings
- Managing User Attributes
- Managing Integration Users
- Managing Labels
- Managing Custom Email Domains
- About Audit Logs
- Workflows
- Incidents
- About Incidents
- Viewing & Managing Incident Details
- Understanding Duplicate Incidents in Workflow Automation
- Using Incident Filters in Workflow Automation
- Responding to an End User Notification
- Responding to an Escalation Notification
- Responding to a User Digest Notification
- Responding to a DLP Admin Digest Notification
- Dashboard
- API Management
- Workflow Automation API
- API Developer & Reference Guide
- Getting Started
- Configuring the Postman REST API Client
- Understanding API Rate Limiting
- API Response Codes and Error Messages
- Reference Guide
- Zscaler Digital Experience
- Getting Started
- Setup
- Workflows
- Business Insights
- Getting Started
- Events
- Event Groups
- Setup
- Managing Priorities for Events
- Managing Integration Users for Events
- Adding Integrations for Events
- Managing ServiceNow Integration for Events
- Managing Notification Templates for Events
- Adding Email Notification Templates for Events
- Managing Survey Templates for Events
- Managing Template Mappings for Events
- Workflows
- Release Notes
- Security & UEBA Alerts
- Isolation
- Getting Started
- Policy Management
- Profiles
- ZIA Profiles
- ZPA Profiles
- Profile Certificates
- About Root Certificates for Isolation in ZIA
- Adding Root Certificates for Isolation in ZIA
- Editing a Root Certificate for Isolation in ZIA
- Deleting a Root Certificate for Isolation in ZIA
- About Root Certificates for Isolation in ZPA
- Adding Root Certificates for Isolation in ZPA
- Editing a Root Certificate for Isolation in ZPA
- Deleting a Root Certificate for Isolation in ZPA
- Profile Notifications
- Adding a Banner Theme for the Isolation End User Notification in ZIA
- Editing a Banner Theme for the Isolation End User Notification in ZIA
- Deleting a Banner Theme for the Isolation End User Notification in ZIA
- Adding a Banner Theme for the Isolation End User Notification in ZPA
- Editing a Banner Theme for the Isolation End User Notification in ZPA
- Deleting a Banner Theme for the Isolation End User Notification in ZPA
- End User Isolation Experience
- Accessing Multiple Sessions In Isolation
- Accessing Network Diagnostics in Isolation
- User Experience Modes in Isolation
- Read-Only Mode In Isolation
- Understanding Turbo Mode for Isolation
- Using Debug Mode for Isolation
- Using the Isolation Bar in Native Browser Experience
- Using the Right-Click Menu in Isolation
- Using Search in Isolation
- Understanding Language Translate for Isolation
- Transferring and Viewing Files in Isolation
- Local Browser Rendering for Isolation
- Bookmarking Web Pages in Isolation
- Mobile User Experience in Isolation
- Dashboard & Analytics
- About Dashboards
- About Widgets
- Adding Notes to Dashboards and Interactive Reports
- Web Data Types and Filters
- Mobile Data Types and Filters
- Firewall Data Types and Filters
- DNS Data Types and Filters
- Endpoint DLP Data Types and Filters
- Email DLP Data Types and Filters
- Extranet Data Types and Filters
- Reports
- About the Gen AI Security Report
- About the Instance Discovery Report
- Viewing the Resource Discovery Report
- About the Email Security Report
- About Email Security Report: Incidents
- About Cybersecurity Insights
- About Interactive Reports
- About Industry Peer Comparison
- About the System Audit Report
- About the Sandbox Activity Report
- Scheduling the Sandbox Activity Report Weekly Email
- About the Sandbox Files Found Malicious Report
- Scheduling the Sandbox Files Found Malicious Report Weekly Email
- CIPA Compliance Report
- About the Company Risk Score Report
- About the User Risk Report
- Company Summary Report (CIO Report)
- Company Summary Report (CSO Report)
- Security Policy Audit Report
- Executive Insights Report
- About SaaS Assets Summary Report
- Viewing Quarterly Business Review Reports
- About Attack Surface Report
- Configuring the Attack Surface Report Notification
- About Configuration Risk Report
- About the Data Discovery Report
- Viewing Data Discovery Details
- About the IoT Report
- About Discovered Devices
- Providing Feedback on IoT Device Classifications
- About Scheduled Reports
- Scheduling Reports
- Exporting and Importing Reports
- Printing Reports
- About Endpoint DLP Report
- About Endpoint DLP Report: Incidents
- Insights
- About Insights
- About Threat Insights
- SaaS Security Insights
- Analyzing Traffic Using Insights
- Tunnel Data Types and Filters
- Viewing User Reports in Web Insights
- Logs
- Extranet Insights Logs: Filters
- Email DLP Insights Logs: Columns
- Email DLP Insights Logs: Filters
- Extranet Insights Logs: Columns
- About Insights Logs
- About SaaS Security Insights Logs
- DNS Insights Logs: Columns
- DNS Insights Logs: Filters
- Firewall Insights Logs: Columns
- Firewall Insights Logs: Filters
- Mobile Insights Logs: Columns
- Mobile Insights Logs: Filters
- Tunnel Insights Logs: Columns
- Tunnel Insights Logs: Filters
- Web Insights Logs: Columns
- Web Insights Logs: Filters
- Endpoint DLP Insights Logs: Columns
- Endpoint DLP Insights Logs: Filters
- Nanolog Streaming Service
- Understanding Nanolog Streaming Service (NSS)
- About NSS Servers
- Adding NSS Servers
- About NSS Collector Servers
- Adding NSS Collector Servers
- Syslog Overview
- NSS Deployment Guides
- NSS Feeds
- Adding NSS Feeds
- Adding NSS Feeds
- Adding NSS Feeds for Web Logs
- Adding MCAS NSS Feeds
- Adding NSS Feeds for Firewall Logs
- Adding NSS Feeds for DNS Logs
- Adding NSS Feeds for Tunnel Logs
- Adding NSS Feeds for SaaS Security Logs
- Adding NSS Feeds for SaaS Security Activity Logs
- Adding NSS Feeds for Alerts
- Adding NSS Feeds for Admin Audit Logs
- Adding NSS Feeds for Endpoint DLP Logs
- Adding NSS Feeds for Email DLP Logs
- Adding Cloud NSS Feeds
- Adding Cloud NSS Feeds
- Adding Cloud NSS Feeds for Web Logs
- Adding Cloud NSS Feeds for Firewall Logs
- Adding Cloud NSS Feeds for DNS Logs
- Adding Cloud NSS Feeds for Tunnel Logs
- Adding Cloud NSS Feeds for SaaS Security Logs
- Adding Cloud NSS Feeds for SaaS Security Activity Logs
- Adding Cloud NSS Feeds for Admin Audit Logs
- Adding Cloud NSS Feeds for Endpoint DLP Logs
- Adding Cloud NSS Feeds for Email DLP Logs
- Formatting NSS Feeds
- General Guidelines for NSS Feeds and Feed Formats
- NSS Feed Output Format: Web Logs
- NSS Feed Output Format: Firewall Logs
- NSS Feed Output Format: DNS Logs
- NSS Feed Output Format: Tunnel Logs
- NSS Feed Output Format: SaaS Security Logs
- NSS Feed Output Format: SaaS Security Activity Logs
- NSS Feed Output Format: Admin Audit Logs
- NSS Feed Output Format: Endpoint DLP Logs
- NSS Feed Output Format: Email DLP Logs
- SIEM Deployment Guides
- Partner Integrations
- Zscaler Management Portal for Partners
- Getting Started
- What Is Zscaler Management Portal for Partners?
- Accessing and Navigating the Zscaler Management Portal for Partners
- Management Portal
- Administration
- Policy Templates
- Tenant Management
- ZIA API
- API Developer & Reference Guide
- Getting Started
- Configuring the Postman REST API Client
- Understanding Rate Limiting
- API Response Codes and Error Messages
- Reference Guide
- 3rd-Party App Governance API
- Sandbox Submission API
- Activation
- Admin Audit Logs
- Admin & Role Management
- Advanced Settings
- Advanced Threat Protection Policy
- API Authentication
- Authentication Settings
- Browser Isolation
- Cloud Applications
- Cloud App Control Policy
- Cloud Nanolog Streaming Service (NSS)
- Data Loss Prevention
- Device Groups
- DNS Control Policy
- End User Notifications
- Event Logs
- File Type Control Policy
- Firewall Policies
- Forwarding Control Policy
- Intermediate CA Certificates
- IoT Report
- IPS Control Policy
- Location Management
- Malware Protection Policy
- Organization Details
- PAC Files
- Policy Export
- Remote Assistance Support
- Rule Labels
- Sandbox Policy & Settings
- Sandbox Report
- Security Policy Settings
- Shadow IT Report
- SSL Inspection Policy
- Traffic Forwarding
- URL Categories
- URL Filtering Policy
- URL & Cloud App Control Policy Settings
- User Authentication Settings
- User Management
- Workload Groups
- API Rate Limit Summary
- Working with APIs
- Managing Admins and Roles Using API
- Managing Intermediate CA Certificates Using API
- Managing Locations Using API
- Obtaining Sandbox Reports Using API
- SD-WAN Integrations Using API
- Configuring VPN Credentials for IPSec Tunnels Using API
- Managing URL Allowlist and Denylist Using API
- Configuring URL Categories Using API
- Managing Users Using API
- Zscaler Data Center VIPs JSON
- Troubleshooting
- Capturing HTTP Headers on Microsoft Edge
- Executive Insights App Errors and Troubleshooting
- About Zscaler Analyzer
- Using the Zscaler Cloud Performance Test Tool
- Avoiding Google Captcha and Geolocation Issues
- Capturing HTTP Headers on Google Chrome
- Capturing HTTP Headers on Mozilla Firefox
- Capturing HTTP Headers on Safari
- Enabling Remote Assistance
- Managing the QUIC Protocol
- Measuring the Performance of the Zscaler Service
- Policy Reasons
- Supporting Citrix XenApp & XenDesktop Applications
- ZscalerOS Migration to Version 24
- Release Notes