Introducing Step-Up Authentication: Enhancing Security with Contextual Access Control across Zscaler Products

In today’s rapidly evolving threat landscape, organizations need to ensure their users have secure and seamless access to sensitive resources. With the recent launch of ZIdentity, Zscaler has made it easier than ever to create the right levels of user access across Zscaler products with a unified identity service. Zscaler is proud to introduce Step-Up Authentication, a feature that adds an additional layer of security by dynamically increasing authentication requirements for sensitive or high-risk resources based on context. This feature is live in Zscaler Private Access™ (ZPA) for customers using ZIdentity as of October 11th. 

Begin ZIdentity migration today! Existing customers who want to reap the benefits of a unified authentication service across Zscaler products can begin their ZIdentity migration process here.

Why Step-Up Authentication?

Zero trust starts with identity, but as enterprises embrace remote work and cloud adoption, all access requests to applications cannot and should not be viewed the same. Step-Up Authentication allows organizations to set different levels of authentication based on risk, such as user and entity behavior analytics (UEBA), device security posture, or the sensitivity of the application itself. With this adaptive approach, Zscaler ensures users are prompted for secondary authentication only when required, enhancing security without impacting user productivity.

How it works

Step-Up Authentication operates through configurable policies within Zscaler's ZIA and ZPA platforms and in conjunction with the new unified authentication service, ZIdentity. Administrators can define criteria and triggers for varying authentication levels. For instance, when a user attempts to access a high-value application from an unfamiliar device, the system can prompt for an additional form of verification, such as FIDO2, a phishing-resistant form of multifactor authentication (MFA). This approach minimizes friction by only stepping up authentication when risk factors exceed pre-defined conditions, thus balancing security and user convenience.

Key benefits of Step-Up Authentication

• Adaptive security: Implement stronger authentication dynamically based on risk factors, ensuring that users and resources are protected in real time.
• Improved user experience: Foster a smooth access experience without compromising on security with conditional prompts, giving users fewer disruptions to face.

Getting started

To learn more about implementing Step-Up Authentication and tailoring it to meet your security needs, visit our Zscaler Help Center and explore our configuration guide.

By incorporating Step-Up Authentication into our cloud platform, Zscaler continues to provide robust, context-aware security that empowers organizations to safeguard their assets in an increasingly complex digital landscape.

Note: Step-Up Authentication is available for ZPA customers who use ZIdentity. Step-Up Authentication for ZIA is coming soon. For existing customers using ZSLogin can begin their ZIdentity migration here.