How do I configure the Hosted User Database?



For background information on using the Hosted User Database for provisioning users, see About the Hosted User Database. For troubleshooting tips, see Troubleshooting: Hosted User Database.

Complete the following tasks to configure the Hosted User Database as your provisioning method.

A. Enable Authentication

To enable authentication for a location:

  1. Log in to the service and go to Administration > Resources > Location.
  2. Click the Edit icon beside the location.
  3. Select Enforce Authentication.
  4. Click Save and activate the change.

B. Configure the Hosted Database

To add the user information directly to the Zscaler service database, log in to the service and select Hosted User Database, choose an authentication method, and then use one of the supported methods to add users.

  1. Log in to the service and go to Administration > Authentication > Authentication Settings.
  2. Do the following:
    • For Directory Type, choose Hosted DB.
    • From Authentication Frequency, choose how often users are required to authenticate to the Zscaler service. If you select Custom, specify 1 to 180 days.
    • For Authentication Type, choose Form-Based.
    • From Password Strength, choose one of the following:
      • None to place no restriction on the strength or complexity of the passwords. This is the default.
      • Medium to require users to set passwords that are at least eight characters long and that contain at least one non-alphabetic character. Only ASCII characters are allowed.
      • Strong to require users to set passwords that are at least eight characters long and that contain at least one digit, one capital letter, and one special character. Only ASCII characters are allowed.
    • From Password Expiry, choose the duration after which users must change their passwords. The default is Never.
    • If you would like to use a temporary authentication method, choose One-Time Token or One-Time Link.
  3. Click Save and activate the change.

C. Add Users, Groups and Departments

  1. Log in to the service and go to Administration > Authentication > User Management.
  2. Do one of the following: add users through the portal, or import them from a CSV file.

When you add users to the database, you also add groups and departments. A user can belong to up to 128 groups. The service uses groups when it applies policies and uses departments for reporting purposes.

To add a new user through the portal:

  • Navigate to Administration > Authentication > User Management.
  • Click Add and specify the following information about the user:
    • Enter the User ID. The user ID consists of a user name and domain name in email format. Enter the user name and, if your organization has more than one domain, select the domain name. The user ID does not have to be a valid email address, but it must be unique and its domain must belong to the organization.
    • Enter the User Name.
    • Click the down arrow beside Groups to choose a group or add a new one.
    • Click the down arrow beside Departments to choose a department or add a new one.
    • Enter the user’s Password if you selected password as the authentication method. It must follow the guidelines that you defined.
    • In the Temporary Authentication Email field, enter a valid email address if you selected One-Time Token or One-Time Link as the temporary authentication method.
    • Optionally, enter comments.
  • Click Save.
  • Repeat the procedure for each new user.
  • Activate the change.

The new user appears in the Manage End Users in Hosted User Database section.

To import users from a CSV file, do the following:

Step 1: Prepare the CSV File

You can download a sample CSV file and add your user information to it. This helps you make sure that the format of your entries is correct. To download the sample CSV file and use it as a template:

  1. Navigate to Administration > Authentication > User Management > Users tab.
  2. Click Sample Import CSV file.
  3. Save the CSV file and add your user information.
    To ensure that the service successfully imports the CSV file, the file must be in the following format:
    • The file name must have a .csv extension.
    • The first line of the file is the header row.
    • Note that your entries must be in the following order: Action, Email-ID, User Name, Dept, Password, Comments, Temp auth e-mail, and Groups.
    • Enter one of the following for Action:
      • + (plus sign) to add a new user. When adding a user, Email-ID, User Name, Dept and Group must be filled in. A user can belong to up to 128 groups.
      • - (minus sign) to delete a user. When deleting a user, only Email-ID is required.
    • The password can be left blank if you don’t want to upload passwords in clear text. You can use One-Time Passwords to enable users to log in and set passwords.
    • Each user must be on a separate line.
    • Each user's email address must have a domain name that was defined in the portal. If the authentication method is one-time token or one-time link, then either this field or the Temp auth email field must contain a valid email address.
    • The temporary email address is used if the authentication method is a one-time token or one-time link. It can have any domain name, but it must be a valid email address.
    • If a user belongs to more than one group, enter each group in a separate column.
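The format rules above can be checked before upload. The following pre-import check is an added example, not part of the Zscaler documentation or product: it validates column order, Action values, required fields, the 128-group limit and organization domains, and flags rows that carry a clear-text password. The header names in the sample, the function names and the reading of "special character" as any non-alphanumeric character are assumptions.

```python
import csv, io, re

COLUMNS = 7  # Action, Email-ID, User Name, Dept, Password, Comments, Temp auth e-mail
MAX_GROUPS = 128
EMAIL = re.compile(r"^[^@\s,]+@([^@\s,]+\.[^@\s,]+)$")  # format check only

# Constructed sample; header names are assumed, only the column order is from the page.
SAMPLE = """Action,Email-ID,User Name,Dept,Password,Comments,Temp auth e-mail,Groups
+,alice@example.com,Alice A,Finance,,,alice@example.org,Staff,Finance
+,bob@example.com,Bob B,IT,password,,,Staff
+,carol@other.test,Carol C,,,,,
-,dave@example.com
"""

def password_ok(pw, strength):
    """None / Medium / Strong rules; 'special' is assumed to mean non-alphanumeric."""
    if strength == "None":
        return True
    if len(pw) < 8 or not pw.isascii():
        return False
    if strength == "Medium":
        return any(not c.isalpha() for c in pw)
    return (any(c.isdigit() for c in pw) and any(c.isupper() for c in pw)
            and any(not c.isalnum() for c in pw))

def check_import(text, org_domains, strength="Strong"):
    """Return (line_number, message) findings for the contents of an import file."""
    findings = []
    for n, row in enumerate(list(csv.reader(io.StringIO(text)))[1:], start=2):
        row = [c.strip() for c in row] + [""] * COLUMNS  # line 1 is the header row
        action, email, name, dept, pw, _comments, temp = row[:COLUMNS]
        groups = [g for g in row[COLUMNS:] if g]  # one group per extra column
        m = EMAIL.match(email)
        if action not in ("+", "-"):
            findings.append((n, "Action must be + or -"))
        if not m or m.group(1).lower() not in org_domains:
            findings.append((n, "Email-ID domain is not defined for the organization"))
        if action != "+":
            continue  # a delete needs only Email-ID
        if not (name and dept and groups):
            findings.append((n, "add requires User Name, Dept and Group"))
        if len(groups) > MAX_GROUPS:
            findings.append((n, "more than 128 groups"))
        if temp and not EMAIL.match(temp):
            findings.append((n, "Temp auth e-mail is not a valid address"))
        if pw:
            findings.append((n, "clear-text password in file"))
            if not password_ok(pw, strength):
                findings.append((n, "password does not meet " + strength))
    return findings
```

Calling check_import(SAMPLE, {"example.com"}) reports lines 3 and 4 of the sample: a clear-text password that fails the Strong rule, and an add row with a foreign domain and no department or group.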

Step 2: Import the CSV File

To import the CSV file:

  1. Navigate to Administration > Authentication > User Management > Users tab.
  2. Click Import.
  3. Enable or disable Overwrite Existing Entries.
    Enable this option if you want to update some of your existing users’ profiles (for example, group information, password, or departments) as well as add new users. The service replaces any user in your existing table with the identical end user data in the import file. The "overwrite" function does not overwrite your entire user database. It overwrites only the users who are in the database and in the import file.
    Disable this option if you want to simply add all the users in the import file. If there are identical users in the database and the import file, the service returns an error stating that identical users could not be imported. Browse to the file that contains your list of users and delete the duplicate users.
  4. Click Choose File, navigate to the CSV file you want to import, and then click Import.
    The service displays the import results. If it failed to import certain records, the service includes these details in the results.