How do I obfuscate user names in the Zscaler service?
You can specify whether real user names are visible or obfuscated for an admin when he or she views dashboards, reports, or logs (insights). In the sections that follow, you can learn more about how to do this in the admin portal.
- You can also obfuscate user names in NSS feeds. See the following articles to learn more: Adding NSS Feeds for Web Logs, Adding NSS Feeds for Firewall Logs, and Adding NSS Feeds for DNS Logs.
- Some regions have legal requirements that dictate that user names always remain obfuscated in reports and logs for admins. If admins need to view real user names, they must have an auditor grant them permission to do so. See What is an auditor? to learn more.
Note that in order to configure this setting for an admin account, your own admin account must meet the following conditions:
- Your admin account must have an admin role that has Full permission to Administrators Access.
- Your admin account must have organizational scope. See What is admin scope? for more information.
- If your organization has the admin rank feature enabled, and you're configuring this setting for another admin account, that admin must have an admin rank lower than or equal to your own admin rank.
Obfuscating User Names for Admins Viewing Dashboards, Reports, and Insights
To obfuscate user names for an admin, you must enable user name obfuscation for the admin role that is assigned to that admin. Therefore, you must edit the admin role that is assigned to that admin account. The instructions below detail the different ways you can do this.
Note that the instructions assume that you already have an admin account configured and want to modify settings to enable user obfuscation for that admin. If you want to create a completely new admin account, see How do I add admins? which provides comprehensive instructions for adding an admin, including details on how to enable user obfuscation for the admin role.
To obfuscate user names for an admin:
assign a diff role
If you choose this option, ensure that all other permission settings for the admin role are appropriate for the admin to which you want to assign this role. Also, you can see how to check which admin roles have user obfuscation enabled.
- Go to Administration > Authentication > Administration Controls > Administrator Management.
- Locate the admin you want to edit and click the Edit icon. See image.
- In the Edit Administrator window, click the Role field to display the menu.
- Select the appropriate admin role from the menu.
- Click Save and activate the change.
checking admin roles
- Go to Administration > Authentication > Administration Controls > Role Management.
- In the User Names column, you can check which admin roles have user names visible and which have user names obfuscated.
Edit the role to have user obf enabled
If you select this option, check which other admins have been assigned this specific role and ensure that you want user obfuscation enabled for those admins as well.
- Click the Role field to display the menu.
- Click the Add icon to open the Add Administrator Role window
- Follow the instructions in How do I add admin roles?. The article provides complete instructions for adding a new admin role, including how to enable user name obfuscation.