ZIdentity
Assigning Entitlements to Users
You can assign an individual ZIdentity user or user group to a Zscaler service. You must add users or user groups before assigning them to a service. You can assign users to perform administrative tasks via administrative entitlements or assign them as end users via service entitlements. To view the list of entitlements for a specific user, see Viewing Entitlements to Assigned to Users.
Administrative Entitlements
To assign users to a Zscaler service for performing administrative tasks:
Go to Administration > Entitlements > Administrative > service's name.
- Assign users via one of these methods:
- Assign users via user groups
If a user is assigned to a service admin role individually, but they are also a part of a user group with a different admin role, then the role assigned to the individual user takes precedence over the user group role.
Under the User Groups tab, click Assign Groups.
The Assign Groups wizard appears.
In the Assign Groups wizard:
- Under the Select Groups & Roles tab, select the user groups you want assigned to the Zscaler service.
Choose a role that you want assigned to each user group from the drop-down menu under the Role column. The drop-down menu shows the list of roles configured on the respective services' admin portal (e.g., the Role Management page in the ZIA Admin Portal).
- The Scope column is visible only for the Zscaler Private Access (ZPA) service. Select the scope for the admins within the ZPA Admin Portal.
- Click Next.
In the Summary tab, review the assignment details and click Assign.
The selected user groups are assigned to the Zscaler service with administrative privileges for all users in the groups.
- Assign users individually
Under the Users tab, click Assign Users.
The Assign Users wizard appears.
In the Assign Users wizard:
- Under the Select Users & Roles tab, select the users that you want assigned to the Zscaler service.
Choose a role that you want assigned to each user from the drop-down menu under the Role column. The drop-down menu shows the list of roles configured on the respective services' admin portal (e.g., the Role Management page in the ZIA Admin Portal).
- The Scope column is visible only for the Zscaler Private Access (ZPA) service. Scope refers to the microtenant that you can assign to other admins:
- If you have Full permission to manage administrative entitlements in ZIdentity, you can assign any scope to other admins. You can also edit or delete any scope.
- If you have Restricted Full permission to manage administrative entitlements in ZIdentity, and are assigned a Default scope in ZPA, you can assign any scope to other admins. You can also edit or delete any scope.
If you have Restricted Full permission to manage administrative entitlements in ZIdentity and are assigned a scope other than the Default scope, you can only assign that scope to other admins. You can edit or delete only the assigned scope.
- Click Next.
In the Summary tab, review the assignment details and click Assign.
The selected users are assigned to the Zscaler service with administrative privileges.
- Assign users via user groups
Service Entitlements
To assign users to a Zscaler service as end users:
Go to Administration > Entitlements > Service> service's name.
- Assign users via one of these methods:
- Assign users individually
Under the Users tab, click Assign Users.
The Assign Users wizard appears.
In the Assign Users wizard:
Under the Select Users tab, select the users that you want assigned to the Zscaler service.
- Click Next.
In the Summary tab, review the assignment details and click Assign.
The selected users are assigned to the Zscaler service as end users.
- Assign users via user groups
Under the User Groups tab, click Assign Groups.
The Assign Groups wizard appears.
In the Assign Groups wizard:
Under the Select Groups tab, select the user groups that you want assigned to the Zscaler service.
- Click Next.
In the Summary tab, review the assignment details and click Assign.
The selected user groups are assigned to the Zscaler service with all users in the groups as end users.
- Assign users individually