Skip to main content

Authorization

Follow this guide to create a new Zscaler credential that will allow Nexla to authenticate to and exchange data with your Zscaler Cloud NSS endpoint.
zscaler_api_auth.png

Zscaler

Prerequisites

Before creating a Zscaler credential, you'll need to obtain OAuth 2.0 credentials (Client ID and Client Secret) and an authentication token from your Zscaler account. Zscaler Cloud NSS (Network Security Services) uses OAuth 2.0 for API authentication, along with an authentication token for securing API requests.

To obtain Zscaler API credentials:

  1. Log in to your Zscaler admin portal. Navigate to your Zscaler ZIA (Zscaler Internet Access) or ZPA (Zscaler Private Access) admin console.

  2. Navigate to Administration > Cloud NSS or Settings > Cloud NSS in the Zscaler admin portal.

  3. In the Cloud NSS settings, you'll need to configure a feed for log submission. This involves:

    • Creating a new Cloud NSS feed or selecting an existing feed
    • Configuring the feed type (e.g., Firewall Logs, DNS Logs, SaaS Security Logs, Endpoint DLP Logs)

  4. In the feed configuration, you'll receive:

    • Base URL: This is the HTTPS URL for log submission services. This is typically provided in the Cloud NSS feed configuration.
    • Authentication Token: This is a string authentication token for securing API requests to Zscaler Cloud NSS endpoints via HTTP headers.

  5. For OAuth 2.0 credentials (if required):

    • Navigate to Administration > API Keys or Settings > API Keys in the Zscaler admin portal.
    • Create a new API key or OAuth application to obtain:
      • Client ID: A unique public identifier assigned to your application
      • Client Secret: A confidential password or key provided alongside the client ID

  6. Copy the Base URL, Authentication Token, Client ID, and Client Secret. Store them securely, as you'll need them to authenticate API requests.

Zscaler Cloud NSS uses OAuth 2.0 with client credentials flow (2-legged OAuth) for API authentication, along with an authentication token for securing API requests. The authentication token is sent as an HTTP header, and OAuth 2.0 credentials are used to obtain access tokens. Both are required for Zscaler Cloud NSS API access.

For detailed information about Zscaler Cloud NSS authentication and feed configuration, refer to the Zscaler Cloud NSS Documentation and Zscaler API Documentation.

Create a Zscaler Credential

  • To create a new Zscaler credential, after selecting the data source/destination type, click the Add Credential tile to open the Add New Credential overlay.

New Credential Overlay – Zscaler

ZscalerCred.png

Credential Name & Description

  1. Enter a name for the credential in the Credential Name field and a short, meaningful description in the Credential Description field.

    Resource descriptions are recommended but are not required. They should be used provide information about the resource purpose, data freshness, etc. that can help the owner and other users efficiently understand and utilize the resource.

Credential Settings

  1. In the Client ID field, enter the Client ID that you obtained from your Zscaler API key configuration. This is a unique public identifier assigned to your application for authentication purposes.

  2. In the Client Secret field, enter the Client Secret that you obtained from your Zscaler API key configuration. This is a confidential password or key provided alongside the client ID to authenticate your application.

  3. In the Authentication Token field, enter the authentication token that you obtained from your Zscaler Cloud NSS feed configuration. This is a string authentication token for securing API requests to Zscaler Cloud NSS endpoints via HTTP headers.

  4. In the Base URL field, enter the root URL for log submission services. This must be a valid HTTPS URL. This is typically provided in your Zscaler Cloud NSS feed configuration.

    The Client Secret and Authentication Token are sensitive information and should be kept secure. Both are required for Zscaler Cloud NSS API access. The OAuth 2.0 credentials are used to obtain access tokens, and the authentication token is sent as an HTTP header for securing API requests.

Save the Credential

  1. Once all of the relevant steps in the above sections have been completed, click the Save button at the bottom of the overlay to save the configured credential.

  2. The newly added credential will now appear in a tile on the Authenticate screen during data source/destination creation and can be selected for use with a new data source or destination.