Today’s post was written by Sue Bohn, Director of Program Management at Microsoft, Luis Mendoza, Senior Director of Business Development at Zscaler, and Dhawal Sharma, Senior Director of Product Management at Zscaler.
I’m Sue Bohn, director of program management for Identity and Access Management. I’m delighted to welcome Zscaler, a global cloud-based information security company. Their security cloud platform encompasses more than 100 data centers on six continents, and processes as many as 65 billion requests per day. Zscaler is also a member of the Microsoft Intelligent Security Association (MISA), a collaborative program that helps organizations worldwide defend against increasingly sophisticated, fast-moving threats.
In this post for the Voice of the Independent Software Vendor (ISV) blog series, Luis Mendoza and Dhawal Sharma join us from Zscaler to describe how they took advantage of single sign-on (SSO) and System for Cross-Domain Identity Management (SCIM) provisioning features in Azure Active Directory (Azure AD) to improve security, workflow, and the user experience for thousands of their customers worldwide.
Connecting customers securely and quickly to their destination
Zscaler is a cloud security solution for enterprise customers worldwide. We have about 4,000 enterprise customers, and all their internet-bound traffic goes through our cloud delivery platform. We supply security to them, which includes protecting their users from downloading anything bad into their workplace and making sure that nothing sensitive leaks out of the organization.
We knew that integrating with Azure AD was a smart choice because of feedback from our customers. They were standardizing on Office 365 and looking at investing in the Azure cloud. When we looked across our security cloud, we saw daily traffic for Office 365 steadily increasing; to date it’s already surpassed 20 percent of total traffic, making it the largest application on the network. That signaled an opportunity to ensure a good user experience and the best security profile for our customers. Integrating with Azure AD would give our customers the ability to securely manage Office 365 and any SaaS or custom application with Zscaler.
Integrating Zscaler with Azure AD SSO
We wanted to make sure that our customers have a secure environment for their apps and internet, and that they had a smooth user experience. To that end, we decided to configure single sign-on (SSO) for Azure AD for a fast, secure passage through our platform. Azure AD and SSO provide a single point of authentication. By integrating Zscaler with Azure AD SSO, we’re able to provide customers with the following benefits:
- Enable users SSO to Zscaler with their Azure AD accounts
- Control who has access to Zscaler in Azure AD
- Manage accounts centrally through the Azure portal
Additionally, we recently made configuring SSO for Zscaler apps even easier for our joint customers by enabling One-Click SSO. Taking advantage of this feature for SSO in Azure AD is more efficient and reduces errors for our customers. Now they can configure SSO when setting up Zscaler apps with just one click.
Expanding investment in the Azure AD provisioning service
As a security company, we’re always thinking about IT— how IT departments manage individual user IDs and passwords that are associated with different cloud apps, and what we can do to improve that experience and make it more secure. We have several apps in the Azure AD App Gallery that support both Azure AD SSO and Azure AD user provisioning. When you use our apps, you can now deploy them quickly throughout your organization and increase adoption while keeping your corporate assets safe. Furthermore, with always up-to-date user data, you can quickly adapt policy controls in response to changes in user security posture. Additionally:
- Companies can reduce possible security risks by deprovisioning a user from all cloud apps when that user leaves the company
- End users get the tools they need when they join a company
- Administrators can add or remove applications from a central location
We’ve worked with the Azure team on several projects and we’ve always had great communication with them. When we started the SSO request, they helped us right away. The API documentation was well written, clear, and useful. We decided to standardize on SCIM to automatically provision users and groups from Azure AD. Microsoft invested significant time and resources testing our implementation and integration. As a result, our customers didn’t find any issues during their own tests. It’s been really beneficial working with a partner like Microsoft.
Making life easier for customers benefits our business
Our ongoing partnership with Microsoft makes life easier for our customers. It’s really that simple. Microsoft is one of the major leaders in the cloud computing space. Our customers, and potential customers, gravitate to Office 365 and Azure, so it’s a competitive advantage. Plus, the Azure AD App Gallery is a powerful channel to market and sell our solutions. Microsoft makes it easy for customers to find us and provides tools that we can use to attract new customers.
We enjoy innovating with new technologies. We’re a company built in the cloud. That’s what separates us from our competitors. We’ve found that Azure AD has improved the time we spend developing a proof of concept. Setting up an identity and configuring networking are time consuming and cumbersome. Working with Azure AD makes the overall set-up and deployment process much easier and faster.
I hope you enjoyed reading about Zscaler’s integration story and will be able to apply some of their recommendations to your own integration plans. You can learn more about Zscaler’s integration experience at: this link and expect more ISV partner stories coming soon. In the meantime, check out the Azure Active Directory Identity Blog series to read other stories about Azure AD and identity management.
Read about automated user provisioning for Zscaler, now in public preview.
Learn how to configure the One Click SSO feature for Azure AD gallery apps that support SAML here.