icon-zpa.svg
Secure Private Access (ZPA)

Configuring Privileged Portals

After you have added an application segment with Privileged Remote Access, you can go to the Privileged Portals page. You can have up to 100 privileged portals. For a complete list of ranges and limits, see Ranges & Limitations.

To add a privileged portal:

  1. Go to Resource Management > Privileged Remote Access > Privileged Portals.
  2. Click Add Portal. The Add Portal window appears.
  3. In the Add Portal window:
    • Name: Enter a name for the privileged portal. The name cannot contain special characters, with the exception of periods (.), hyphens (-), and underscores ( _ ).
    • Status: Enable the privileged portal. If Disabled, the privileged portal is inaccessible to end users.
    • Certificate Type: Select either Managed or Custom.
      • If you select Managed, the portal certificate is managed by Zscaler.

        1. Enter the domain prefix.

        2. Select the domain suffix from the drop-down menu.
        3. Click the Copy icon to copy the URL.

        Close
      • If you select Custom, then you select an existing certificate.

        1. Enter the full URL for the privileged portal. This is the URL that users access to view the portal. The URL must use the HTTPS protocol and be a fully qualified domain name (FQDN).

        A privileged portal's FQDN cannot be configured as an application within an application segment.

        1. Select a certificate from the Portal Server Certificate drop-down menu that is associated with the privileged portal. Click Clear Selection to deselect the certificate. To learn more, see About Browser Access (Web Server) Certificates.

        The certificate must support the FQDN specified for the privileged portal.

        Close
    • Description: (Optional) Enter a description for the privileged portal.
    • User Portal for Portal Links: Select a portal link if you want to access the related user portal Browser Access applications in the PRA Portal. The Browser Access applications are found on the My Web Applications tab in the PRA Portal.
    • If you want to display a notification to your users at the top of the Privileged Remote Access portal page, under Notification Banner:
      • Status: Enable the notification banner.
      • Message Text: Enter the notification text that you want displayed in the Privileged Remote Access portal's banner.

Update configuration for the privileged portal

  1. Click Save.

For privileged portals with a custom certificate, complete the following steps:

  1. On the Privileged Portals page, expand the row to view the privileged portal details within the table, then click the Copy icon next to the Canonical Name (CNAME). You need this CNAME record for your public DNS.

Privileged Portals page within ZPA Admin Portal

  1. Add the CNAME information you copied to your public DNS, and verify that the FQDN for the privileged portal resolves to the record.

For example, for a CNAME of:

https://la-portal.com. CNAME 72057594038060561.72057594037927936.pra.p.zpa-app.net

Verify that https://la-portal.com resolves to 72057594038060561.72057594037927936.pra.p.zpa-app.net.

Zscaler automatically manages the public DNS for the FQDN of user portals with a Zscaler-managed certificate.

Related Articles
About the Privileged Remote Access (PRA) File Transfer SystemUploading and Transferring Files for the PRA File Transfer SystemRequesting Approvals in the PRA PortalAbout My ApprovalsReviewing Approvals in the PRA PortalAbout Privileged PortalsConfiguring Privileged PortalsEditing Privileged PortalsAccessing a Privileged Remote Access Portal