Understand what’s included in a SecureDynamics-delivered ZPA Essentials project and how we align with Zscaler’s best-practice deployment blueprint.
🧭 Overview
This article outlines the technical scope and configuration limits for a Zscaler Private Access (ZPA) Essentials deployment delivered by SecureDynamics. This package is ideal for organizations seeking a strong foundation in Zero Trust access, including authentication, connector deployment, application segmentation, and pilot testing—all completed within 15 business days.
SecureDynamics is a Zscaler Delivery Services Authorized Partner, offering experienced engineers, structured engagements, and guidance that aligns with Zscaler's deployment playbooks.
🛠 Engagement Scope Summary
| Category | SecureDynamics ZPA Essentials Deployment |
|---|---|
| Product Scope | ZPA only (Zscaler Private Access) |
| Delivery Model | Remote, hands-on |
| Engagement Duration | 15 business days from kickoff |
| User Rollout | Up to 500 users |
| Project Management | ❌ Not included, but we align with your internal PM |
| Assigned Consultant | 1 Zscaler-certified engineer |
| Customer Responsibility | Provide server/application inventory, connector VM resources, test users, and IdP details |
✅ Configuration Scope – What’s Included
SecureDynamics configures your ZPA Essentials deployment based on Zscaler’s best-practice blueprint. The following are included:
| Configuration Element | Included |
|---|---|
| Authentication Integration | One SAML or SCIM IdP |
| App Connector Deployment | Up to 3 ZPA App Connectors |
| Segment Groups | Up to 5 groups |
| Server Groups | Up to 5 groups |
| Individual Servers | Up to 5 servers |
| Applications | Up to 5 apps |
| Application Groups | Up to 5 app groups |
| Posture control |
Up to 2 posture controls |
| Access Policies | Up to 3 access policy |
| Browser Access | Basic setup for up to 5 apps (no advanced tuning) |
| Policy Templates | Based on ZPA Essentials-tier deployment blueprint |
| Pilot Rollout Guidance | Up to 500 users across limited and production groups |
❌ What’s Not Included
SecureDynamics follows the same exclusions Zscaler outlines for Essentials-tier ZPA deployments. These include:
Advanced ZPA Feature Configuration
- Privileged Remote Access (PRA)
- Deception
- Double Hop Routing (ZPA-to-ZPA)
- Cloud Connectors
- Advanced segmentation strategies
- Source IP anchoring
Identity & Posture Integration
- Beyond standard SAML or SCIM configurations
- MFA federation or multiple IdPs
Client Connector Customization
- Tunnel 2.0 routing profiles
- Zero Trust workflows
Custom Reporting & Dashboards
- Beyond basic logging and access reports
Third-Party Integration
- SD-WAN, SIEM, EDR, or IAM platform integrations
Ongoing Support or Tuning
- Post-deployment tuning or operational support (unless separately scoped)
Deployment of Non-Essentials Tier Features
- If your ZPA tenant includes PRA, ZDX integration, or other advanced features, those are not configured under this engagement
💡 SecureDynamics will always notify you if configuration requests approach scope boundaries and offer upgrade options for Advanced-tier support.
📌 Additional Notes
- ZPA Essentials deployments must be completed within 15 business days of kickoff.
- Pilot user rollout is supported but customers are responsible for production rollout and ongoing management.
- No formal project management is included, but we are happy to collaborate with your assigned lead.
🔗 Helpful Links
- ZPA App Connector Deployment Guide
- Zscaler Client Connector Allowlist
- Zscaler Root Certificate Install Guide
🚀 Need a More Customized ZPA Deployment?
If your deployment includes:
- Complex segmentation or multiple application tiers
- Cloud connector or hybrid architecture integration
- Advanced posture enforcement or device trust
- Post-production tuning and long-term support
…consider upgrading to our Advanced ZPA deployment service.
🛡 Delivered by SecureDynamics – Zscaler’s most trusted and comprehensive partner.