You must place each application segment you configure into a segment group. This allows you to configure user access policies based on segment groups. For example, if you have a set of defined applications that you want only users from the “Sales” department to access, you can create a segment group called “Sales Applications” and add all sales-related applications to it. You can then create an access policy using that segment group.
However, you cannot assign an application segment to multiple segment groups. For example, if you place Salesforce in the “Sales Applications Group”, you cannot add Salesforce to another group.
Terraform Registry Example: Terraform Registry
In this video, we’ll explore
Timeline:
0:00:04;18 – 0:00:15;04 – Introduction
0:00:15;07 – 0:00:21;18 – Pre-Requisites
0:00:22;06 – 0:00:52;00 – Introduction to Segment Group
0:00:52;15 – 0:01:15;05 – Terraform Registry Documentation
0:01:17;15 – 0:01:38;26 – Configuring Segment Group
0:01:39;02 – 0:02:02;02 – Running Terraform
Transcript
Hi, my name is William Guilherme, and I am a Solutions Architect with the Zscaler Technology Alliances team.
In this video, we’ll go through how to create a segment group using the ZPA Terraform provider.
Before you proceed, make sure you have the following prerequisites explained in the first video of this series in place.
A segment group is one of the many constructs available in the ZPA platform. This object is required when creating other constructs such as an application segment or an access policy.
Terraform will use your desired state configuration parameters to call the ZPA Segment Group endpoint and provision the segment group resource in the ZPA portal.
You can then create an application segment or an access policy using that same segment group in order to control access to a specific application.
All of this is possible via Terraform.
To see an example of how to configure a segment group using Terraform, navigate to the Terraform registry, and type ZPA in the search bar. Navigate to documentation, and scroll down to the Segment Group section on the left-hand side. Click on the zpa_segment_group resource, and from here you can copy and paste this example into your configuration file.
To configure a segment group, open your preferred text editor. Make sure you have the Terraform provider block configuration properly set.
Create the ZPA segment group resource block, and fill in the parameters accordingly.
The only required parameter in this configuration is the “Name”, while all other parameters are considered optional.
Finally, we can run the command terraform apply to provision the segment group resource in the ZPA cloud. Notice that in this example, I am using the optional flag called --auto-approve, which will prevent Terraform from asking for confirmation.
Finally, we have a single segment group resource created in the ZPA Cloud.
In summary:
Always make sure the Terraform provider block is set up correctly.
Use the Terraform registry documentation for further guidance.
In a segment group resource, the name is the only required parameter.
Once the segment group is created, it can be associated with an application segment or an access policy.
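
The configuration described above, written out as an added example (not the code shown in the video or on the registry page): a segment group, one application segment placed in it, and an access rule scoped to that group. The resource labels, domain, port and the `server_group_id` variable are assumptions, and the attribute names follow the zscaler/zpa provider documentation, so check them against the provider version you pin.

```hcl
terraform {
  required_providers {
    zpa = { source = "zscaler/zpa" }
  }
}

# Credentials are read from the provider's environment variables,
# so no API secret is committed with this file.
provider "zpa" {}

# Assumption: ID of an existing server group, supplied by the caller.
variable "server_group_id" { type = string }

# "name" is the only required argument; the others are optional.
resource "zpa_segment_group" "sales" {
  name        = "Sales Applications"
  description = "Sales-related application segments"
  enabled     = true
}

# segment_group_id is a single value: an application segment
# belongs to exactly one segment group.
resource "zpa_application_segment" "crm" {
  name             = "Sales CRM"              # constructed sample
  domain_names     = ["crm.example.internal"] # constructed sample
  tcp_port_ranges  = ["443", "443"]
  segment_group_id = zpa_segment_group.sales.id

  server_groups {
    id = [var.server_group_id]
  }
}

# Access rule keyed on the segment group (APP_GROUP). As written it
# matches on the group only; restricting it to Sales users needs a
# further conditions block with identity criteria, left out here.
resource "zpa_policy_access_rule" "sales_apps" {
  name     = "Allow Sales Applications"
  action   = "ALLOW"
  operator = "AND"

  conditions {
    operator = "OR"
    operands {
      object_type = "APP_GROUP"
      lhs         = "id"
      rhs         = zpa_segment_group.sales.id
    }
  }
}
```

Run `terraform plan` and read the proposed access rule before applying, since `--auto-approve` skips the confirmation prompt where that review would normally happen.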