--- title: Zscaler API Integration on Truto slug: zscaler category: Application Development canonical: "https://truto.one/integrations/detail/zscaler/" --- # Zscaler API Integration on Truto **Category:** Application Development **Status:** Generally available ## Unified APIs ### Unified User Directory API - **Groups** — Groups are a collection of users in the source application. In some applications, they might also be called Teams. - **Users** — The User object represents a User. ## How it works 1. **Link your customer's Zscaler account.** Use Truto's frontend SDK; we handle every OAuth and API key flow so you don't need to create the OAuth app. 2. **Authentication is automatic.** Truto refreshes tokens, stores credentials securely, and injects them into every API request. 3. **Call Truto's API to reach Zscaler.** The Proxy API is a 1-to-1 mapping of the Zscaler API. 4. **Get a unified response format.** Every response uses a single shape, with cursor-based pagination and data in the `result` field. ## Use cases - **Automated employee offboarding across zero-trust infrastructure** — HR and identity lifecycle platforms can revoke Zscaler access the moment an employee is terminated, ensuring immediate severance from both internet (ZIA) and private application (ZPA) access without manual admin intervention. - **Just-in-time access provisioning for contractors and temporary workers** — ITSM and workflow automation platforms can programmatically add users to specific Zscaler groups to grant time-bound access to internal applications, eliminating VPN overhead and manual security team involvement. - **Real-time group-based policy enforcement from security platforms** — Cybersecurity and XDR platforms can move compromised users into restrictive Zscaler quarantine groups in seconds, dramatically reducing mean-time-to-respond for active threats detected outside of Zscaler's own telemetry. - **Centralized directory sync for multi-tool security environments** — Identity governance platforms can keep Zscaler's user and group directory in sync with a canonical source of truth, ensuring that access policies always reflect the current organizational structure without drift. ## What you can build - **One-click Zscaler user deprovisioning** — Automatically deactivate or remove a user in Zscaler when their status changes in your product, using Truto's Unified User Directory API for consistent handling across identity providers. - **Group-based access control dashboard** — Let your customers view and manage Zscaler group memberships directly within your product to assign or revoke application-level access policies without switching to the Zscaler admin console. - **Cross-platform user directory audit** — Surface discrepancies between your customers' Zscaler user directory and other connected systems, flagging orphaned accounts or missing group assignments that could create security gaps. - **Automated quarantine group assignment** — When your platform detects a policy violation or security incident, programmatically move the affected user into a designated restrictive Zscaler group to contain the threat in real time. - **Bulk user and group sync on connect** — Import your customer's full Zscaler user and group hierarchy the moment they connect their account, giving your product immediate context for role-based features and policy mapping. ## FAQs ### What authentication method does Zscaler use for API access? Zscaler's APIs use API key-based authentication for ZIA and OAuth 2.0 client credentials for ZPA. Truto handles the auth flow so your team doesn't need to manage token refresh or key rotation. ### Which Zscaler data can I access through Truto's Unified User Directory API? Truto's Unified User Directory API maps to Zscaler's Users and Groups resources, covering user provisioning, deprovisioning, group assignment, and directory reads. These align with Zscaler's SCIM and admin API endpoints. ### Are there specific Truto tools available for Zscaler today? Zscaler tools are built on request. If you need capabilities beyond the Unified User Directory API — such as policy management, URL blocklist updates, or log streaming — Truto can build custom tools tailored to your use case. ### Does Zscaler impose rate limits on API calls? Yes, Zscaler enforces rate limits on its REST APIs that vary by endpoint and tenant tier. Truto manages pagination and request throttling automatically to prevent your integration from hitting these limits. ### Can I sync both ZIA and ZPA user directories through a single integration? ZIA and ZPA have separate API surfaces and authentication mechanisms. Truto abstracts this complexity so you can work with a single unified user and group model regardless of which Zscaler product your customer uses. ### How does Truto handle Zscaler's cloud-specific deployment regions? Zscaler tenants are hosted on region-specific cloud instances (e.g., zscloud.net, zscaler.net). When your end user connects their Zscaler account through Truto, the correct base URL is configured as part of the connection setup.