Zscaler Integration for SaaS Discovery

Configure the LeanIX-Zscaler integration to automatically discover and manage SaaS applications using Zscaler's ZIA API.

Overview

Zscaler is a cloud-based security platform that protects corporate networks and internet access. Through services like web security, firewall protection, data loss prevention, and secure web gateway functionality.

Once the LeanIX-Zscaler integration is configured, LeanIX uses Zscaler to discover the SaaS applications used within your organization. Discovered applications can then be automatically or manually linked to existing fact sheets in LeanIX or to create new fact sheets and connect them to catalog items.

LeanIX uses Zscaler's ZIA API to discover SaaS applications. To set up this integration, you must provide Zscaler credentials with the appropriate permissions.

Integration Details

Integration CategoriesAuthentication MechanismAPI Endpoints Used
Cloud Access Security Brokers (CASB)REST API - API token authFor API authentication: /api/v1/authenticatedSession

For SaaS discovery: /api/v1/cloudApplications/lite
/api/v1/shadowIT/applications/export

Implementation Details

LeanIX uses Zscaler's ZIA API to discover SaaS application activity and list fact sheets directly within the LeanIX platform. The integration relies on the Shadow IT report, which provides detailed information on the applications being used across the corporate network and the extent of their usage.

Discovery Capabilities

Available CapabilitiesEntity DescriptionZscaler Resource
SaaS DiscoverySaaS discovery is the process of automatically identifying applications.Shadow IT Report

Configurations in Zscaler

  1. Login to Zscaler ZIA portal.

  2. Create a new user.

    1. Navigate to the AdministrationAdministrator ManagementAdministrators
    2. Add a new administrator by selecting + Add Administrator.
Creating New User in Zscaler ZIA Portal

Creating New User in Zscaler ZIA Portal

👍

Tip

Assign only the necessary permissions to the role, as most are for dashboard access, and not for API access.

  1. Log out and log in again using the newly created user account.
  2. Create the API token. Note that each organization can only have one API key. For more details, see Zscaler Cloud Service API Key.
    1. Navigate to AdministrationCloud Service API Security.
    2. In the Cloud Service API Key tab, select + Add API Key to create a new key.
Creating API token

Creating API token

Configuring Integration of Zscaler in LeanIX

  1. In LeanIX, go to the administration area and select Integrations.
  2. Click Add integration. All available integrations are shown on the resulting page.
  3. Click Configure on the Zscaler integration.
  4. In the configuration, choose a name for the integration and the type of capabilities or data you want to get from Zscaler. Currently, only details of SaaS applications can be retrieved.
  5. In the final step, input the credentials from the ZIA portal that you have generated:
    1. API URL: URL where your Zscaler instance is deployed (e.g., https://zsapi.zscalerthree.net).
    2. Username: Username created and used on the ZIA portal.
    3. Password: Password of the user created on the ZIA portal.
    4. API Key: API key generated on the ZIA portal.
  6. Click Finish and wait for the connection to be established.
Configuring Integration of Zscaler in LeanIX

Configuring Integration of Zscaler in LeanIX