Zscaler Integration for SaaS Discovery

Introduction

Zscaler is a cloud-based security platform that protects corporate networks and internet access through services like web security, firewall protection, data loss prevention, and secure web gateway functionality.

Once the Zscaler integration is configured, SAP LeanIX uses Zscaler to discover the SaaS applications used within your organization. LeanIX uses Zscaler's ZIA API to discover SaaS applications. To set up this integration, you must provide Zscaler credentials with the appropriate permissions.

📘

Note

If you intend to manually review and link each discovered application to fact sheets, deactivate automatic linking in the SaaS discovery inbox settings before configuring the integration. For details, see Automatic Linking.

Implementation Details

LeanIX uses Zscaler's ZIA API to discover SaaS application activity. The integration relies on the Shadow IT report, which provides detailed information on the applications being used across your corporate network and the extent of their usage. For usage adoption metrics, the total active unique users in Zscaler are calculated based on the user count of the past 7 days.

After setting up the integration, to cross-check the discovered services in the Zscaler Admin portal, hover over Analytics in the left-side pane and select Applications under the SaaS Security section.

Discovery Capabilities

Zscaler integration offers the following capabilities:

You get the following information about the discovered SaaS:

• External Category
• Application Status
• Application Risk Index
• Active users (past 7 days)
• Upload Bytes
• Download Bytes
• Total Traffic (in Bytes)
• Locations
• Notes
• Potential Integrations
• Tags
• Certifications
• Data Breaches in the Last 3 Years
• MFA Support

Setting up Zscaler Integration

Create a New API Role

1. Go to Administration → Role Management → Add API Role.

2. Provide a suitable name, assign the necessary permissions, and define the functional scopes of the role:

   Permission	Status
   Dashboard Access	Full
   Reporting Access	Full
   Insights Access	View Only
   Policy Access	View Only
   User Names	Visible
   Device Information	Visible

   
   

   Functional Scope	Status
   Advanced Settings	Enabled
   Access Control (Web and Mobile)	Enabled

   The rest of the permissions and functional scopes can be disabled.

3. Click Save.

Create a New User for the Integration

1. Login to Zscaler ZIA portal.
2. Navigate to the Administration → Administrator Management → Administrators
3. Add a new administrator by selecting + Add Administrator.

📘

Note

For the role, make sure you select the API role you created under Create a New API Role.

Create an API Token in Zscaler

📘

Note

• Each organization can only have one API key. For more details, see Zscaler Cloud Service API Key.
• Ensure that the language for the integration user in Zscaler is set to English.

1. Log out and log in again using the newly created user account.
2. Navigate to Administration → Cloud Service API Security.
3. In the Cloud Service API Key tab, select + Add API Key to create a new key.

Enter the Necessary Credentials in SAP LeanIX

1. Add the Zscaler integration in SAP LeanIX. For more, see Setting-up Out-of-the-Box Integrations.
2. In the configuration, choose a name for the integration and the type of capabilities or data you want to get from Zscaler.
3. Enter the credentials from the ZIA portal that you have generated into the corresponding fields:
   1. API URL: URL where your Zscaler instance is deployed (e.g., https://zsapi.zscalerthree.net).
   2. Username: Username created and used on the ZIA portal.
   3. Password: Password of the user created on the ZIA portal.
   4. API Key: API key generated on the ZIA portal.

4. Click Finish and wait for the connection to be established.