First and foremost:
If you need immediate support, please review the link below for available options: https://help.zscaler.com and click on the support menu.
NOTE: Zscaler will NEVER ask you for your account or password. If someone represents themselves as a Zscaler employee who is asking for your username or password. Stop talking to them and contact your account team.
Zscaler support and customer success have the ability to access your instance using the Remote Assistance process provided you give them access.
 |
 |
Sales and Sales Engineering teams do not have access to this functionality.
In an effort to serve you better, your local SE (me) may request an account in your instance.
Whether you grant that access is entirely up to you. Your local SE is not Tech Support (see above), but is always willing to help get things escalated if needed.
When you do open a ticket (see above) you should always include him/her on the ticket for the greatest visibility. We have a “CC List (separate multiple email addresses with a comma)” address field for that on all ticket forms.
With a read-only account, I can:
- Log into your instance and see what you see exactly what you see.
- While I’m not Tech Support, having the ability to review your logs to help research an issue always helps.
- Makes reviewing your configuration for best practices and suggestions a whole lot easier.
- Makes working through new features and functionality a whole lot easier.
Basically, it’s there to help me to help you.
So with that in mind, here’s how you create that Read-Only Admin accounts for your local SE (me).
Log into your port and choose Role Management from the admin menu. We’re going to define the role first:
Choose Add Administrator Role:
Let’s create the Role “Admin Read Only”
Fill in the following fields and set the following settings:
Name: Admin Read Only
Log Limit: Unrestricted will give me access to all cloud logs (up-to 6 months)
Dashboard Access: FULL, this allows me to tweak my dashboard, and can test, create widget settings for you.
Reporting Access: Choose FULL or I won’t have access to logs.
Policy Access: Choose “View Only” I do not want full access to your policies.
Usernames: Obfuscated is preferred, unless you want me to have access to usernames to research a specific users problem.
Functional Scope: Check all the boxes.
Click Save and Activate your changes.
Now let’s create a user and apply this role to it.
From the administration menu choose Administrator Management.
Choose Add Administrator:
Create this local SE Account:
LoginID should be: ZscalerSE@ (YourDomain), I do not need to have an account in your domain, or IDP
Email: needs to match above, it’s not required that I have an email address in your organization, I won’t be able to subscribe to reports, etc.
Name: Should match the loginID above (ZscalerSE)
Role: Choose the role we created “Admin Read Only”
Scope: Set to Organization
Comments: Add any you feel appropriate.
Password: Choose a good strong password, and transmit that to me in a safe manner. You are free to roll this password at any time.
That’s all there is to it. We are covered by mutual NDA’s, as well as our EUSA agreement. With usernames obfuscated (optional), no personal data is at risk in any way.
-=Matt Disher
Sales Engineer / Major Accounts / Ohio Valley
Zscaler, Inc.
Mobile: +1 513.549.3474
Email: mdisher@zscaler.com