--- title: Zscaler ZIA API Integration on Truto slug: zscalerzia category: Default canonical: "https://truto.one/integrations/detail/zscalerzia/" --- # Zscaler ZIA API Integration on Truto **Category:** Default **Status:** Generally available ## Unified APIs ### Unified User Directory API - **Groups** — Groups are a collection of users in the source application. In some applications, they might also be called Teams. - **Users** — The User object represents a User. ## How it works 1. **Link your customer's Zscaler ZIA account.** Use Truto's frontend SDK; we handle every OAuth and API key flow so you don't need to create the OAuth app. 2. **Authentication is automatic.** Truto refreshes tokens, stores credentials securely, and injects them into every API request. 3. **Call Truto's API to reach Zscaler ZIA.** The Proxy API is a 1-to-1 mapping of the Zscaler ZIA API. 4. **Get a unified response format.** Every response uses a single shape, with cursor-based pagination and data in the `result` field. ## Use cases - **Automate user provisioning into Zscaler ZIA security policies** — IAM and HR platforms can automatically create, update, and deactivate users in Zscaler ZIA as part of employee lifecycle workflows, ensuring web security policies are applied from day one and revoked instantly on offboarding. - **Sync group memberships to enforce role-based web access** — SaaS platforms managing organizational structure can push group assignments into ZIA so that department-specific security policies — like DLP rules for Finance or URL restrictions for contractors — are applied dynamically without manual admin work. - **Centralize user directory across security tools** — Security operations platforms can read users and groups from ZIA alongside other security products to build a unified view of who has access to what, detect orphaned accounts, and ensure consistent identity hygiene across the security stack. - **Trigger policy changes based on directory events** — Workflow automation platforms can detect when a user moves between groups or departments and use that signal to adjust their Zscaler ZIA security posture, such as tightening web filtering when someone transitions to a role handling sensitive data. ## What you can build - **Automated ZIA user provisioning on employee onboarding** — Automatically create a user in Zscaler ZIA with the correct group assignment when a new hire is added to your platform's directory. - **Real-time group membership sync** — Keep ZIA security groups in sync with your platform's organizational structure so policy assignments stay current without manual intervention. - **Instant user deprovisioning on offboarding** — Deactivate or remove a user from Zscaler ZIA the moment they are terminated in your HR or identity platform, closing security gaps in seconds. - **Cross-product identity audit dashboard** — Pull users and groups from ZIA alongside other integrated tools to surface orphaned accounts, mismatched group memberships, and compliance gaps in a single view. - **Bulk directory migration tool** — Enable customers to import their existing ZIA user and group structure into your platform during initial setup, reducing onboarding time from days to minutes. ## FAQs ### How does authentication work with Zscaler ZIA? ZIA uses a proprietary session-based authentication mechanism. An API key is combined with a Unix timestamp to generate credentials, which are exchanged for a JSESSIONID session cookie. Truto handles this auth flow for you, so your application and your end users don't need to manage session lifecycle or key obfuscation. ### Which Zscaler ZIA resources are supported through Truto's Unified APIs? Truto's Unified User Directory API maps to ZIA's users and groups endpoints, letting you list, create, update, and manage users and their group assignments through a standardized interface. Additional ZIA-specific tools (e.g., URL categories, DLP dictionaries, sandbox reports) can be built on request. ### Can I access ZIA-specific endpoints not covered by the Unified User Directory API? Yes. Truto supports building custom tools on request. If you need access to ZIA endpoints like URL filtering categories, DLP dictionaries, or sandbox reports, Truto can add those as dedicated tools for your integration. ### Are there rate limits on the Zscaler ZIA API? Yes, Zscaler enforces rate limits on their API that vary by endpoint and tenant configuration. Truto manages pagination and request throttling so your integration handles these limits gracefully without requiring custom retry logic. ### How do end users connect their Zscaler ZIA account through Truto? End users provide their ZIA API key and admin credentials through Truto's embedded linking flow. Truto securely stores these credentials, manages session creation and renewal, and exposes a consistent API for your application to interact with their ZIA tenant. ### Does Truto handle the differences between ZIA cloud instances? Zscaler operates multiple cloud instances (e.g., zscaler.net, zscalerone.net, zscloud.net) with different base URLs. Truto accounts for this so your integration works regardless of which Zscaler cloud your end user's organization is hosted on.