ZIdentity
Managing Entitlements
Entitlements refer to the type of access privileges and permissions that are assigned to ZIdentity users and user groups. ZIdentity supports Administrative and Service entitlements.
Administrative
The Administrative entitlements are used to assign and manage the administrative access of ZIdentity users and user groups to a Zscaler service (e.g., ZIA Admin Portal, ZPA Admin Portal), using a specific role that is created in the respective Zscaler service.
To provide users or user groups administrative access and assign a role:
Add roles on the respective Zscaler admin portal of that service (e.g., ZIA Admin Portal). ZIdentity also provides support for the Zero Trust Device Segmentation service. To add roles for:
- ZIdentity Admin Portal, see Adding ZIdentity Admin Roles.
- ZIA Admin Portal, see Adding ZIA Admin Roles.
- ZPA Admin Portal, see Adding ZPA Admin Roles.
- ZDX Admin Portal, see Adding ZDX Admin Roles.
- Zscaler Client Connector Portal, see Adding Client Connector Admin Roles.
- Zscaler Cloud & Branch Connector Admin Portal, see Adding Cloud & Branch Admin Roles.
- Deception Admin Portal, see About Users & Roles.
- Business Insights Admin Portal, see About Administrators in Business Insights.
- Risk360 Admin Portal, see About Administrators in Risk360.
  ZIdentity supports login to Zscaler Breach Predictor and External Attack Surface Management (EASM) through Risk360, even if the Risk360, Breach Predictor, or EASM tenants have not been migrated to ZIdentity.
- Workflow Automation Admin Portal, see Managing Admin Assignments.
- Breach Predictor, see Using Breach Predictor.
- EASM Admin Portal, see About Role Management.
The roles on the respective admin portals are automatically synced into the ZIdentity database at regular intervals. To ensure that your ZIdentity database is up to date, you can perform a manual sync from the View Roles page.
- Add users and user groups in the ZIdentity Admin Portal.
- Go to Administration > Entitlements > Administrative.
- On the Administrative Entitlements page, select the service for which you want to assign users or user groups with admin roles.
- Assign users or user groups with admin roles to the service.
- (Optional) View the list of assigned users and user groups as service admins.
If a user is assigned to multiple user groups with different levels of access, then the group created first takes precedence, and the user can perform tasks according to the role assigned to that group. However, if a user is assigned to a service admin role individually, and they are also a part of a user group with a different admin role, then the role assigned to the individual user takes precedence over the user group role.
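The precedence rule above, worked through as an added example for access reviews (this is not Zscaler code and calls no ZIdentity API). The group names, role names, creation dates, and the use of a date to represent "created first" are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date

@dataclass(frozen=True)
class Group:
    name: str
    created: date  # assumed way to represent "created first"
    role: str      # admin role entitled to this group for one service

def effective_role(user, direct, groups, memberships):
    """Resolve one user's admin role for one service.

    Returns (role, source, shadowed): shadowed lists roles the user also
    holds through groups but that lose to the winning assignment.
    """
    mine = sorted((g for g in groups if g.name in memberships.get(user, ())),
                  key=lambda g: g.created)  # oldest group first
    if user in direct:            # individual assignment beats any group
        role, source = direct[user], "individual assignment"
    elif mine:                    # otherwise the group created first wins
        role, source = mine[0].role, f"group {mine[0].name}"
    else:
        return None, "no entitlement", []
    shadowed = sorted({g.role for g in mine} - {role})
    return role, source, shadowed

def audit(direct, groups, memberships):
    """Map every known user to their resolved role, for access review."""
    users = sorted(set(direct) | set(memberships))
    return {u: effective_role(u, direct, groups, memberships) for u in users}

# Constructed sample data: names, roles and dates are illustrative only.
GROUPS = [
    Group("helpdesk", date(2023, 1, 10), "read-only"),
    Group("netops", date(2024, 3, 5), "full-admin"),
]
MEMBERSHIPS = {"alice": {"helpdesk", "netops"}, "bob": {"netops"},
               "carol": {"helpdesk"}}
DIRECT = {"carol": "full-admin"}

if __name__ == "__main__":
    for user, (role, source, shadowed) in audit(DIRECT, GROUPS, MEMBERSHIPS).items():
        note = f" (shadows: {', '.join(shadowed)})" if shadowed else ""
        print(f"{user}: {role} via {source}{note}")
```

A non-empty shadowed list marks an account whose privileges would change if the winning group or individual assignment were removed, which is worth checking before cleaning up groups.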
Service
The Service entitlements are used for assigning ZIdentity users and user groups to a Zscaler service (e.g., ZIA, ZPA).
To assign users or user groups to a Zscaler service:
- Add users and user groups in the ZIdentity Admin Portal.
- Go to Administration > Entitlements > Service.
- On the Service Entitlements page, select the service for which you want to assign users or user groups.
- (Optional) View the list of users and user groups assigned to the service.