Zscaler Integration for SaaS Discovery

Configure the LeanIX-Zscaler integration to automatically discover and manage SaaS applications using Zscaler's ZIA API.

Introduction

Zscaler is a cloud-based security platform that protects corporate networks and internet access through services like web security, firewall protection, data loss prevention, and secure web gateway functionality.

Once the Zscaler integration is configured, SAP LeanIX uses Zscaler's ZIA API to discover the SaaS applications used within your organization. To set up this integration, you must provide Zscaler credentials with the appropriate permissions.

Note: If you intend to manually review and link each discovered application to fact sheets, deactivate automatic linking in the SaaS discovery inbox settings before configuring the integration. For details, see Automatic Linking.

Implementation Details

LeanIX uses Zscaler's ZIA API to discover SaaS application activity. The integration relies on the Shadow IT report, which provides detailed information on the applications being used across your corporate network and the extent of their usage. For usage adoption metrics, the total active unique users in Zscaler are calculated based on the user count of the past 7 days.

After setting up the integration, to cross-check the discovered services in the Zscaler Admin portal, hover over Analytics in the left-side pane and select Applications under the SaaS Security section.

| Integration Categories | Authentication Mechanism | API Endpoints Used | Zscaler Resource |
|---|---|---|---|
| Cloud Access Security Brokers (CASB) | REST API - API token auth | For API authentication: /api/v1/authenticatedSession. For SaaS discovery: /api/v1/cloudApplications/lite, /api/v1/shadowIT/applications/export | Shadow IT Report |

Discovery Capabilities

The Zscaler integration offers the following capabilities:

| Available Capabilities | Description | Zscaler Resource |
|---|---|---|
| SaaS Discovery (Standard) | SaaS discovery automatically identifies your organization's SaaS applications. | Discovered apps |
| Usage Indication (Standard) | Provides insights into how users in your organization access applications. This helps you make informed decisions about adding discovered applications to the inventory. | Active users (past 7 days) |

You get the following information about each discovered SaaS application:

  • External Category
  • Application Status
  • Application Risk Index
  • Active users (past 7 days)
  • Upload Bytes
  • Download Bytes
  • Total Traffic (in Bytes)
  • Locations
  • Notes
  • Potential Integrations
  • Tags
  • Certifications
  • Data Breaches in the Last 3 Years
  • MFA Support

Setting up Zscaler Integration

Create a New API Role

  1. Go to Administration > Role Management > Add API Role.

  2. Provide a suitable name, assign the necessary permissions, and define the functional scopes of the role:

    | Permission | Status |
    |---|---|
    | Dashboard Access | Full |
    | Reporting Access | Full |
    | Insights Access | View Only |
    | Policy Access | View Only |
    | User Names | Visible |
    | Device Information | Visible |

    | Functional Scope | Status |
    |---|---|
    | Advanced Settings | Enabled |
    | Access Control (Web and Mobile) | Enabled |

    The rest of the permissions and functional scopes can be disabled.

  3. Click Save.
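
A least-privilege check for this role, as an added example that is not part of the LeanIX or Zscaler documentation: it compares a role transcribed from the portal against the two tables above and reports settings that are too weak for the integration or broader than it needs. The dictionary layout, the `audit_role` name, the value names "None" and "Obfuscated", and the extra scope in the sample are assumptions made for illustration.

```python
# Required settings, copied from the permission and functional-scope tables above.
REQUIRED_PERMISSIONS = {
    "Dashboard Access": "Full",
    "Reporting Access": "Full",
    "Insights Access": "View Only",
    "Policy Access": "View Only",
    "User Names": "Visible",
    "Device Information": "Visible",
}
REQUIRED_SCOPES = {"Advanced Settings", "Access Control (Web and Mobile)"}

# Assumption: relative strength of each setting. "None" and "Obfuscated" are
# assumed names for the weakest option; any other value is reported as unknown.
RANK = {"None": 0, "Obfuscated": 0, "View Only": 1, "Visible": 1, "Full": 2}


def audit_role(role):
    """Return sorted (kind, item, detail) findings; an empty list means the role matches."""
    findings = []
    perms = role.get("permissions", {})
    for name in sorted(set(REQUIRED_PERMISSIONS) | set(perms)):
        want = REQUIRED_PERMISSIONS.get(name, "None")
        have = perms.get(name, "None")
        if have not in RANK:
            findings.append(("unknown", name, f"unrecognised value {have!r}"))
            continue
        delta = RANK[have] - RANK[want]
        if delta < 0:
            findings.append(("insufficient", name, f"{have}, needs {want}"))
        elif delta > 0:
            findings.append(("excess", name, f"{have}, needs only {want}"))
    enabled = set(role.get("scopes", []))
    for scope in sorted(REQUIRED_SCOPES - enabled):
        findings.append(("insufficient", scope, "scope disabled, needs Enabled"))
    for scope in sorted(enabled - REQUIRED_SCOPES):
        findings.append(("excess", scope, "scope enabled, can be disabled"))
    return sorted(findings)


# Constructed sample: one permission too weak, one too broad, one extra scope.
SAMPLE_ROLE = {
    "permissions": {**REQUIRED_PERMISSIONS, "Insights Access": "None", "Policy Access": "Full"},
    "scopes": ["Advanced Settings", "Access Control (Web and Mobile)", "Data Loss Prevention"],
}

if __name__ == "__main__":
    for kind, item, detail in audit_role(SAMPLE_ROLE):
        print(f"{kind:12} {item}: {detail}")
```

An "excess" finding on Policy Access is the one to act on first, since the integration only reads data and the tables ask for View Only there.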

Create a New User for the Integration

  1. Log in to the Zscaler ZIA portal.
  2. Navigate to Administration > Administrator Management > Administrators.
  3. Add a new administrator by selecting + Add Administrator.
Creating New User in Zscaler ZIA Portal


Note: For the role, make sure you select the API role you created under Create a New API Role.

Create an API Token in Zscaler

Note:

  • Each organization can only have one API key. For more details, see Zscaler Cloud Service API Key.
  • Ensure that the language for the integration user in Zscaler is set to English.

  1. Log out and log in again using the newly created user account.
  2. Navigate to Administration > Cloud Service API Security.
  3. In the Cloud Service API Key tab, select + Add API Key to create a new key.
Creating API token


Enter the Necessary Credentials in SAP LeanIX

  1. Add the Zscaler integration in SAP LeanIX. For more information, see Setting-up Out-of-the-Box Integrations.
  2. In the configuration, choose a name for the integration and the type of capabilities or data you want to get from Zscaler.
  3. Enter the credentials you generated in the ZIA portal into the corresponding fields:
    1. API URL: URL where your Zscaler instance is deployed (e.g., https://zsapi.zscalerthree.net).
    2. Username: Username created and used on the ZIA portal.
    3. Password: Password of the user created on the ZIA portal.
    4. API Key: API key generated on the ZIA portal.
Configuring Integration of Zscaler in LeanIX


  4. Click Finish and wait for the connection to be established.