Find answers to key questions about Zscaler Technology Integrations, with concise insights into our innovative approaches with Okta, Azure, and more.


This FAQ is up to date as of July 2025.

Technology Integration FAQs

Identity Provider (IdP) Integration (Okta, Azure, AD)

Yes, Zscaler maintains integrations with all top identity providers (IdPs), including Okta, Microsoft Entra, Ping, and many others. Refer to the complete list of identity partners to learn more.

All transactions through Zscaler are authenticated (via IdP integration using SAML or OIDC to authenticate individual users), and user identity and group membership attributes can be factored into policy decisions.

Yes, Zscaler supports SCIM 2.0 for user provisioning and life cycle management, and recommends that customers use it. SCIM is supported by numerous identity partners, including Okta, Microsoft Entra, and Ping. Identity governance partners, such as SailPoint and Saviynt, also utilize SCIM.

Yes, organizations can configure multiple IdPs based on their needs. More information is available in this article.

Zscaler delegates authentication to a customer’s IdP, which can provide conditional access. Zscaler supports the use of custom IdP attributes as well as the ability to perform device-level posture checks to make policy decisions.

Security Information and Event Management (SIEM) & Log Management

Yes, Zscaler maintains a wide variety of SIEM integrations. Please refer to the complete list of Zscaler’s SIEM partners to learn more. 

All Zscaler products create rich logs with hundreds of pieces of metadata. These logs can be sent seamlessly to third-party SIEMs using System Logging Protocol (syslog) and/or HTTPS.

The ability to perform TLS/SSL decryption at scale enables Zscaler to deliver unique threat insights. Logs are enriched in real time using threat metadata collected by the Zscaler Zero Trust Exchange™ platform.

Yes, Zscaler can push logs in multiple ways, and can also push alerts to the SIEM using email/webhooks.

Zscaler log formats are fully customizable, and we maintain existing integrations with all leading SIEM vendors, with native normalization support.

Mobile Device Management (MDM) & Endpoint Security

MDM tools are used to install the Zscaler Client Connector agent on managed endpoints, as well as to push configurations to support app adoption, with a zero-touch end user experience.

Yes, the Zscaler Client Connector agent captures multiple signals from users’ devices that enable it to distinguish between company-owned and bring-your-own-device (BYOD) endpoints.

Yes, integrations with endpoint partners enable the Zscaler platform to enforce granular access controls. Refer to the full list of Zscaler endpoint technology partners to learn more.

Yes, Zscaler integrates with multiple endpoint detection and response (EDR) and extended detection and response (XDR) partners. Refer to the full list of Zscaler’s EDR/XDR partners to learn more.

The Zscaler Client Connector agent captures multiple signals from users’ devices that enable it to distinguish between company-owned and bring-your-own-device (BYOD) endpoints.

Cloud Platform Compatibility (AWS, Azure, GCP)

Yes, Zscaler microsegmentation enables inspection and firewalling of east-west traffic in cloud native environments like AWS VPCs and Azure VNets. Host-based agents enforce granular zero trust policies between workloads, providing visibility into traffic flows and auto-suggesting segmentation rules. This reduces the attack surface and helps prevent lateral movement across cloud and hybrid environments.

Zscaler seamlessly integrates cloud and on-premises environments with the Zscaler platform via connectors. The Branch/Data Center Connector brokers private on-premises workloads to the Zscaler cloud; the Cloud Connector handles traffic from workloads in AWS, Azure, and GCP; and the App Connector directs traffic from the Zscaler cloud to private applications. Together, they ensure secure, policy-driven connectivity across diverse infrastructures.

Yes, Zscaler provides private application access for workloads hosted in AWS, Azure, or GCP through ZPA App Connectors, which are deployed adjacent to the destination applications. This enables users, devices, and other applications to securely connect to resources in these cloud environments.

Yes, Zscaler Data Security Posture Management (DSPM) delivers visibility into cloud workload posture, configurations, and risks across platforms like AWS, Azure, and GCP. DSPM automatically discovers and classifies sensitive data, assesses misconfigurations or exposures, prioritizes risks, and offers guided remediation. It also continuously maps compliance posture and integrates with Zscaler DLP to proactively secure data at rest, in use, and in motion.

Zscaler can interact with Kubernetes or containerized environments in the cloud indirectly. While Zscaler doesn’t inspect traffic inside containerized environments, it can send traffic to and receive traffic from workloads running in Kubernetes or other container platforms in the cloud.

General Integration & Interoperability

The Zscaler IoT Report shows device inventory and insights discovered from unauthenticated web traffic, with all unauthenticated devices classified automatically. This report provides insight into your organization’s IoT traffic, number of devices (including by location), device types, applications they connect to, traffic destinations, and more. The report updates every 6 hours for active devices discovered in the last 24 hours. See all Zscaler partner integrations.

Zscaler maintains plug-and-play integrations with many leading providers of cloud, data, endpoint, identity, network, and operations solutions. Refer to the complete list of Zscaler integration partners to learn more.

All integrations listed on the Zscaler Technology Alliances Ecosystem site are fully supported and validated by Zscaler. As part of this process, each integration is individually developed and qualified before being made publicly available. Zscaler does not support or endorse any integration not listed on the Technology Ecosystem Partner site.

Zscaler CASB and Unified DLP are natively integrated in the Zscaler platform. Zscaler also works with many leading vendors of CASB, DLP, and other data security solutions to maintain strong, functional integrations. Refer to the full list of Zscaler data ecosystem technology partners to learn more.

Yes, a complete catalog of Zscaler partner integrations, which includes many leading providers of cloud, data, endpoint, identity, network, and operations solutions, is publicly available on Zscaler’s Technology Alliances Ecosystem page.

Networking & Connectivity

Yes, Zscaler maintains plug-and-play integrations with many leading SD-WAN platforms. Refer to the full list of Zscaler’s networking technology partners to learn more.

Yes, Zscaler establishes secure tunnels for direct internet breakout via Zscaler Internet Access points of presence (PoPs) and API-based integrations with leading SD-WAN technology partners. Refer to the full list of Zscaler’s network/SD-WAN technology partners to learn more.

Yes, Zscaler can decrypt and inspect east-west TLS/SSL traffic to uncover threats. Inspection can be applied broadly or granularly based on criteria such as specific apps or users, providing administrators full control over when and where protection is enforced. Refer to this Zscaler blog post to learn more.

Incident Response & Monitoring

Zscaler integrates with leading security orchestration, automation, and response (SOAR) platforms to help security operations center (SOC) teams enforce and automate event lookups, reputation checks, and blocking actions within Zscaler. Refer to the full list of Zscaler SOAR integrations to learn more.

Yes, Zscaler logs support forensic analysis. Files identified as malicious are quarantined in the Zscaler cloud and accessible by Zscaler research teams. Forensics and research on quarantined files are performed on a copy, not the original file. Customers can access quarantined files and related forensic data through the Zscaler Internet Access (ZIA) Admin UI or download a copy for analysis.

Zscaler Security Operations, a unified vulnerability and risk management platform, leverages telemetry from the world’s largest inline security cloud and third-party sources such as CrowdStrike to assess risk as well as detect and contain breaches. Through continuous monitoring and AI-driven insights, the platform can immediately pinpoint and block compromised users to prevent successful attacks.

If Zscaler Sandbox policy is configured to block known malicious files and a user attempts to download one, the service notifies the user of the block action and justification. Zscaler Sandbox also logs transactions in real time for easy reporting. Customers receive global, real-time security updates based on trillions of daily signals and thousands of actively blocked threats, with near-instant delivery of known benign files.

Partner Ecosystem

No, Zscaler does not offer a marketplace for integrations at this time. All partner integrations are publicly available on the company’s Technology Alliances Ecosystem page.

Zscaler collaborates with MSSPs by providing a cloud native security architecture that helps them deliver scalable, flexible security solutions to their customers. MSSPs leverage Zscaler’s suite of security services, including zero trust network access (ZTNA) and threat protection, to ensure strong cybersecurity and seamless user access across distributed workforces.

Zscaler maintains 200+ integrations across 100+ partners. For more details on the Zscaler partner ecosystem, refer to Zscaler’s Technology Alliances Ecosystem page.

Yes, Zscaler supports cross-technology implementations by integrating with a vast ecosystem of technology partners across domains such as cloud, data, endpoint, identity, network, and operations. These collaborations enable seamless interoperability, offering scalable and secure solutions tailored to diverse enterprise needs. Refer to Zscaler’s Technology Alliances Ecosystem page for more details.