SecureDynamics-Led Deployment for the ZPA Essentials Service Offering

Understand what’s included in a SecureDynamics-delivered ZPA Essentials project and how we align with Zscaler’s best-practice deployment blueprint.

🧭 Overview

This article outlines the technical scope and configuration limits for a Zscaler Private Access (ZPA) Essentials deployment delivered by SecureDynamics. This package is ideal for organizations seeking a strong foundation in Zero Trust access, including authentication, connector deployment, application segmentation, and pilot testing—all completed within 15 business days.

SecureDynamics is a Zscaler Delivery Services Authorized Partner, offering experienced engineers, structured engagements, and guidance that aligns with Zscaler's deployment playbooks.


🛠 Engagement Scope Summary

Category SecureDynamics ZPA Essentials Deployment
Product Scope ZPA only (Zscaler Private Access)
Delivery Model Remote, hands-on
Engagement Duration 15 business days from kickoff
User Rollout Up to 500 users
Project Management ❌ Not included, but we align with your internal PM
Assigned Consultant 1 Zscaler-certified engineer
Customer Responsibility Provide server/application inventory, connector VM resources, test users, and IdP details

✅ Configuration Scope – What’s Included

SecureDynamics configures your ZPA Essentials deployment based on Zscaler’s best-practice blueprint. The following are included:

Configuration Element Included
Authentication Integration One SAML or SCIM IdP
App Connector Deployment Up to 3 ZPA App Connectors
Segment Groups Up to 5 groups
Server Groups Up to 5 groups
Individual Servers Up to 5 servers
Applications Up to 5 apps
Application Groups Up to 5 app groups
Posture control
Up to 2 posture controls
Access Policies Up to 3 access policy
Browser Access Basic setup for up to 5 apps (no advanced tuning)
Policy Templates Based on ZPA Essentials-tier deployment blueprint
Pilot Rollout Guidance Up to 500 users across limited and production groups

❌ What’s Not Included

SecureDynamics follows the same exclusions Zscaler outlines for Essentials-tier ZPA deployments. These include:

Advanced ZPA Feature Configuration

  • Privileged Remote Access (PRA)
  • Deception
  • Double Hop Routing (ZPA-to-ZPA)
  • Cloud Connectors
  • Advanced segmentation strategies
  • Source IP anchoring

Identity & Posture Integration

  • Beyond standard SAML or SCIM configurations
  • MFA federation or multiple IdPs

Client Connector Customization

  • Tunnel 2.0 routing profiles
  • Zero Trust workflows

Custom Reporting & Dashboards

  • Beyond basic logging and access reports

Third-Party Integration

  • SD-WAN, SIEM, EDR, or IAM platform integrations

Ongoing Support or Tuning

  • Post-deployment tuning or operational support (unless separately scoped)

Deployment of Non-Essentials Tier Features

  • If your ZPA tenant includes PRA, ZDX integration, or other advanced features, those are not configured under this engagement

💡 SecureDynamics will always notify you if configuration requests approach scope boundaries and offer upgrade options for Advanced-tier support.


📌 Additional Notes

  • ZPA Essentials deployments must be completed within 15 business days of kickoff.
  • Pilot user rollout is supported but customers are responsible for production rollout and ongoing management.
  • No formal project management is included, but we are happy to collaborate with your assigned lead.

🔗 Helpful Links


🚀 Need a More Customized ZPA Deployment?

If your deployment includes:

  • Complex segmentation or multiple application tiers
  • Cloud connector or hybrid architecture integration
  • Advanced posture enforcement or device trust
  • Post-production tuning and long-term support

…consider upgrading to our Advanced ZPA deployment service.

🛡 Delivered by SecureDynamicsZscaler’s most trusted and comprehensive partner.