Beyond Identity and Zscaler

Published On
Dec 7, 2022

Transcription

The first part of the demo shows Federated Web Login experience into the Zscaler admin portal using direct SAML-based integration with Beyond Identity platform authenticator. The admin simply enters their login username and signs on seamlessly into the admin dashboard. The second part of the demo shows Federated login for end-users using the Zscaler Client Connector application. 

This application runs on macOS, Windows, iOS, and Android. The end-user is seamlessly able to perform MFA using Beyond Identity and log in to both Zscaler Internet Access, ZIA, and Zscaler Private Access, ZPA. Now, we'll see how Beyond Identity is able to leverage its policy engine to enforce device disconnection from ZPA.

Beyond Identity's platform authenticator collects sophisticated risk signals from the device and uses Zscaler Cloud as a policy enforcement point. We begin with writing policies into the Beyond Identity Cloud. As you can see, we have a policy in place to continuously monitor firewall status of any device with macOS. 

A change in this posture will result in a disconnection from ZPA, and a further reconnection attempt to ZPA will be blocked by Beyond Identity. We now initiate a device posture change manually on a Mac. We can monitor Beyond Identity events to detect this change via continuous posture checks via the Beyond Identity agent on the device. 

In an instant, the continuous posture check detects this change and a policy deny event is registered in the Beyond Identity Cloud. Let's have a look at how the policy enforcement now occurs on Zscaler Cloud. You can see Client Connector on one side and the device in registered state on Zscaler Cloud on the other side.

The posture change detected by the Beyond Identity platform authenticator triggers an enforcement event on Zscaler to remove the specific device from its list. The ZPA Client Connector will then detect this change and the service status will change from connected to connecting. 

This forces the user to log out from Zscaler Client Connector app and reconnect. The reconnection to ZPA is now blocked by Beyond Identity, completing a closed-loop integration.
