r/Zscaler

Using persona's in ZPA

Question for Zscaler ZPA users.

We are a company of 8k ZPA users, and trying to figure out the best practices for how we create persona's or groupings for our users.

We started with a 3rd party consultant who recommended we use SCIM attributes, which worked to an extent, but in a large corporation the simple attributes (organization,division) broke them up, but not enough granularity to get to a least privilege concept. We added additional attributes which gave us more granularity, but then the inevitable happened. A HR re-org, changed a bunch of the SCIM attributes completely messing up our access policies.

Anyone in a big corporation, what has worked well for you, or what would you recommend for new customers planning a ZPA deployment?

reddit.com
u/Interesting_Pomelo32 — 4 days ago

Zscaler client on Cloud PC to connect to customer

Dear all,

We support multiple companies. For security purpose we have a Cloud PC (W365 machine) for each user/customer combination. We use default Cloud PC's for small business from Microsoft. Nothing fancy configured.

For one customer we need to have Zscaler installed, and here is where the trouble start. Installation goes smooth and initial SSO logon, no issue. But when connection, we get connection errors and FW/AV errors. Helpfiles aren't really helping and telling ask your administrator. Customer says issue is on our side. Tried with exclusions on firewall and Defender, but no luck. Logfiles aren't really helpfull aswell. Can't find any obvious clues in there were to look for.

Anyone who can point me in a direction I should be looking for?

reddit.com
u/Muted-Complaint-8603 — 6 days ago
▲ 2 r/Zscaler+1 crossposts

Need help with zscaler

Has anyone dealt with a similar setup for a company assessment?

I have a company-managed Windows laptop with Zscaler installed. The Windows sign-in account is shared among around 15 people, and the laptop only allows access to the assessment website while most other websites are blocked.

I'm wondering what would happen if I signed into Windows using my own personal Microsoft account instead of the shared company account and then tried to access the assessment website.

Would the website still work, or would the restrictions remain because they're enforced at the device or network level? Has anyone tried something similar on a managed laptop with Zscaler?

reddit.com
u/theBW7 — 6 days ago
▲ 5 r/Zscaler+1 crossposts

Skipping ZDTA/EDU-200 with 2 years implementation exp—is EDU-202 to ZDTE realistic?

>Hey everyone, Looking for some advice on the current Zscaler cert path.
I have 2 years of solid, hands-on experience with ZIA, ZPA, SIPA, and ZDX. This includes both day-to-day operations/troubleshooting and full project implementations.
Since Zscaler doesn't strictly enforce prerequisites anymore, I want to skip EDU-200 and the ZDTA exam entirely. My plan is to jump straight into the EDU-202 (Zscaler for Users - Engineer) course and sit for the ZDTE exam.
For those who have taken the ZDTE recently: given my implementation background, will studying only the EDU-202 material cover the gaps, or does the ZDTE exam heavily test random minutia from the EDU-200 curriculum that I might miss? Thanks!

reddit.com
u/thihaleo007 — 9 days ago

Can UniFi+Zscaler (ZIA/ZPA) meet CMMC L2?

We are a small manufacturing company preparing for a CMMC L2 assessment. i am the IT dept of one person. I was wondering if I can keep, unifi UDM pro, switches, APs planning to add Zscaler ZIA & ZPA.

Instead of replacing our UDM Pro w/ a FortiGate or Palo Alto, we are planning to use ZIA/ZPA for Zero Trust access while keeping the UniFi infrastructure. UDM Pro just for routing/NAT, switches for VLAN (not sure if we still need this after zscaler implementation) and APs just for guest Wi-Fi.

Has anyone passed a CMMC L2 assessment w/ Unifi+Zscaler setup? did the assessor have any concerns w/ using UniFi for the network while relying on Zscaler for security and access control?

reddit.com
u/Great-Tomatillo-8267 — 11 days ago