Zscaler supports Basic authentication, a simple authentication scheme built into the HTML protocol. Basic authentication prompts users for a username and password, which are sent as a Base64 encoded string in the HTTP request header.

Basic authentication is not enabled by default. To access this feature, submit a provisioning ticket to Zscaler Support.

How Basic Authentication Works with Zscaler

The following diagram provides an overview of the Basic authentication flow with Zscaler:

1. The client sends a request along with the authentication credentials of its corresponding user enrolled with Zscaler.
2. A ZIA Public Service Edge calculates the HA1 value for the given credentials and authenticates the user upon successful validation.
3. The traffic proceeds to its destination and a 200 OK verification code is sent back to the Zscaler service and client.

Basic Authentication Overview

Basic authentication can be integrated with the following Zscaler workflows:

• User Enrollment

  Basic authentication works with an HA1 value that must be initialized. Therefore, users need to be enrolled to the ZIA Admin Portal via API. This is necessary because Basic authentication is often used for workloads, which may not be able to interactively perform user enrollment on a browser.

  For more information about user enrollment, see Deploying Basic Authentication.

  Close
• Authenticating Traffic

  After users are enrolled, they may browse the internet through a ZIA proxy and one of several forwarding proxy methods such as Static IP, DPCC, ZIA Virtual Service Edge, or with transparent proxy such as GRE and VPN. User traffic from locations can be configured for Basic authentication and the desired forwarding method.

  Close