This guide provides step-by-step instructions to set up Cloudi-fi Captive Portal with your existing Zscaler tenant, ensuring full synchronization.
Overview
The Cloudi-Fi Captive Portal is configured in an existing Zscaler tenant and uses the existing GRE/IPsec tunnels. The source guest network(s) should be routed into the tunnels.
With the Full option, the Zscaler configuration is fully synchronized with Cloudi-Fi.
Key Information to Share with Cloudi-fi Support Team
Attribute | Value | Where? |
Cloudi-fi Guest domain | To share | Go to Step 2: Add a Cloudi-Fi Guest domain to Zscaler account |
Prerequisites
Step 1: Authentication Check
Before proceeding, verify the following settings to avoid conflicts with Cloudi-Fi integration, especially related to Multiple Authentication Domains:
- Go to Zscaler Admin interface > Administration > Authentication > Authentication Settings > Authentication Profiles
  - User Repository Type: Must be set as Hosted DB
  - User Authentication Type: Must be set as SAML
- Go to Zscaler Admin interface > Administration > Authentication > Authentication Settings > Identity Providers
  - The login attribute returned by your existing Identity Provider (IdP) must be unique and in the form of an email address (e.g., user@my-company.com)
  - If the login attribute only returns a username without a domain, Zscaler cannot perform authentication on multiple domains. For example, the ADFS attribute sAMAccountName only returns a username without a domain
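One way to pre-check the login attribute requirement above before opening the domain ticket, as an added example that is not part of the Cloudi-Fi or Zscaler documentation. It assumes you can export the login attribute values your IdP would send (one string per user); the function names, the sample values and the case-insensitive duplicate rule are assumptions made for this illustration.

```python
import re
from collections import Counter

# Deliberately strict user@domain.tld shape; not a full RFC 5322 validator.
EMAIL_FORM = re.compile(r"^[^@\s\\]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$")

# Constructed sample export of IdP login attribute values (not real accounts).
SAMPLE = [
    "alice@my-company.com",
    "bob@my-company.com",
    "jdoe",                    # bare username, what sAMAccountName returns
    "MYCOMPANY\\carol",        # down-level logon name, not email form
    "Alice@My-Company.com",    # collides with alice@... when case is ignored
    "dave@corp",               # has '@' but no dotted domain
]


def check_login_attributes(values):
    """Classify login attribute values against the Step 1 requirement.

    no_domain  : bare usernames with no domain part
    malformed  : values with '@' or a backslash that are not email-shaped
    duplicates : values that repeat an earlier one (assumption: case-insensitive)
    domains    : number of well-formed values per domain
    """
    report = {"no_domain": [], "malformed": [], "duplicates": [], "domains": Counter()}
    seen = set()
    for raw in values:
        value = raw.strip()
        if EMAIL_FORM.match(value):
            report["domains"][value.rsplit("@", 1)[1].lower()] += 1
        elif "@" in value or "\\" in value:
            report["malformed"].append(value)
        else:
            report["no_domain"].append(value)
        key = value.casefold()
        if key in seen:
            report["duplicates"].append(value)
        seen.add(key)
    return report


def is_ready(report):
    """True only when every value is unique and in email form."""
    return not (report["no_domain"] or report["malformed"] or report["duplicates"])
```

The `domains` counter also lists every domain the IdP actually emits, which is useful to compare against the authentication domains declared on the Zscaler tenant.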
Step 2: Add a Cloudi-Fi Guest domain to Zscaler account
To add a Cloudi-Fi Guest domain to your Zscaler account, you are required to submit a ticket and furnish the following details:
- The domain name provided by the Cloudi-Fi team (e.g., your-company.cloudi-fi.net)
- Make sure to include the following information in the ticket:
  - Orange: Your Zscaler Company ID
  - Purple: The authentication domain to be added
  - Blue: Your company name
Step 3: Check Subscriptions
Ensure the following features are activated for a Full integration:
- Z_API:
  - Go to your Zscaler Admin interface > Administration > Company Profile > Subscriptions
  - Ensure that the Z_API subscription is activated. If not activated, submit a ticket to Zscaler support
- IP_Surrogate:
  - Check if "Enable Internal IP Features" is enabled. If not, submit a ticket to Zscaler support
Step 4: Advanced Settings
Enable the "Policy for unauthenticated traffic" option to trigger the captive portal for unauthenticated Guests.
Instructions
Step 1: Creation/Collection of API Key
- Go to Zscaler Admin interface > Administration > Authentication > Cloud Service API Security
- Create or collect the API key required for integration
Step 2: Creation of an Admin account
- Go to Zscaler Admin interface > Administration > Authentication > Administrator Management > Administrators
- Add an administrator with the following details:
  - Login ID: Use the domain provided in Add a Cloudi-Fi Guest domain to your Zscaler account (e.g., provisioning.api@your-company.cloudi-fi.net).
    The Login ID used in Zscaler matches the Zscaler username used in Cloudi-fi
  - Role: Super Admin
  - Password Based Login: ON (Set a password)
- Save the settings
Step 3: Synchronize your Cloudi-fi tenant with Zscaler tenant
- Go to your Cloudi-fi Admin interface > Configurations > Integrations > Zscaler.
- Enable the Zscaler integration
- Enter the following details:
  - Zscaler API Key: Use the API key obtained in Step 1 Creation/Collection of API Key
  - Zscaler Username and Zscaler Password: Use the Login ID and password created in Step 2 Creation of an Admin account
  - Zscaler Cloud: Select your Zscaler Cloud
  - Tenant type: Existing tenant
  - Synchronisation Mode: Full
- Finally, click on the "Connect" button.
For detailed information on all configurations pushed during this synchronization, please navigate to: How to deploy Cloudi-fi Captive portal into an existing Zscaler tenant - option Location Only
Troubleshooting:
Once you have completed the configuration steps, you are ready to start using the Cloudi-fi captive portal solution. If you encounter any issues or have any questions, please do not hesitate to reach out to our Support team.
Additionally, you can consult the Cloudi-Fi and Zscaler Troubleshooting guide for further assistance.
What’s Next?
From now on, all of your locations with "CLOUDIFI" in their name will be automatically uploaded to the Cloudi-fi Admin interface under the Locations section.
For more information about our solutions integrated with Zscaler, including a how-to video and a comprehensive solution brief, please visit our partner page.