Integrate a supported IAM system with Zero Trust Secure Access and grant the required permissions.

Zero Trust Secure Access supports the following IAM systems:
You must grant certain permissions within your IAM system to enable Zero Trust Secure Access to monitor user sign-in attempts, access user data, and perform actions on user accounts. To enable user authentication for Private Access and Internet Access, you must configure SAML-based single sign-on (SSO) for your IAM system.
Note
  • Zero Trust Secure Access supports SAML-based authentication across multiple Identity Providers, whether they are from different IAM systems (for example, Entra ID, AD FS) or multiple instances of the same IAM system (for example, multiple AD FS tenants).
  • Internet Access also supports NTLM v2-based SSO for your on-premises Active Directory.
  • To ensure web access from public or home networks for users without the Secure Access Module, you must verify your authentication domain in Domain Verification. Domain verification is unnecessary when using NTLM v2 or Kerberos-based authentication.

Permission Requirements

| Purpose | Permission: Data Upload | Permission: Policy Enforcement |
|---|---|---|
| Access user profiles and activity data for risk analysis | Yes | - |
| Take direct action on user accounts that violate policy rules (for example, Disable User Account, Force Sign Out, Force Password Reset) | Yes | Yes |
| Private Access authentication (SSO) | Yes | - |
| Internet Access authentication (SSO) | Yes | - |