ServiceNow Registered Partner
Zscaler Reseller Partner

How it actually fits together.

A reference architecture for the integrated ServiceNow + Zscaler model. Designed to be readable in 90 seconds; the supporting detail is below if you need it.

Three tiers. Bidirectional. No new infrastructure on your side.

Tier 1: Zscaler Zero Trust Exchange (cloud-delivered, multi-tenant; Zscaler-owned)
  ZIA: Internet Access · SWG · DLP · CASB
  ZPA: Private Access · App Connectors · Browser Access
  Posture & Identity: Device hygiene · IDP federation · Risk score

  ↕ Streaming logs · API calls

Tier 2: ManaForce integration layer (runs inside your ServiceNow instance; ManaForce-built, lives in your tenant)
  Event ingest: Webhook listener · LSS streaming · payload validation
  Orchestration engine: Routing rules · enrichment · severity calc · evidence packets
  Outbound bridge: SCIM provisioning · policy updates · session control

  ↕ Native ServiceNow APIs

Tier 3: ServiceNow platform (your existing instance; ServiceNow-native modules)
  SecOps + GRC: SIR · Vulnerability Response · Audit · Policy & Compliance
  ITSM + CMDB: Incidents · CMDB enrichment · service mapping
  HRSD: Onboarding · termination · employee lifecycle

Security controls across all tiers:
  Encrypted in transit: TLS 1.3 across all tiers; signed webhook payloads with rotating shared secrets.
  Data residency: No customer data transits ManaForce systems. Integration code runs inside your tenant.
  Least-privilege access: Scoped service accounts with explicit permission grants; rotated on schedule.

What moves where, and how.

For your security review team. Every flow is logged, signed, and inspectable in both ServiceNow and Zscaler audit trails.

Source → Destination: What moves (where it lands) [Transport]
Zscaler ZIA → ServiceNow: Threat events, policy violations, DLP findings (to incident workflow) [Streaming · LSS]
Zscaler ZPA → ServiceNow: Access events, posture state, risk score updates (to GRC + CMDB) [Streaming · LSS]
ServiceNow HRSD → Zscaler: User provisioning, group membership, policy assignment [REST · SCIM 2.0]
ServiceNow SecOps → Zscaler: Quarantine actions, session termination, policy overrides [REST · ZPA Admin API]
Identity provider → Both platforms: SAML federation, group claims, SCIM user lifecycle [SAML · SCIM]

What this looks like in your environment.

Deployment model

Zero new infrastructure. The integration runs inside your existing ServiceNow tenant; Zscaler's side is already cloud-native.

SaaS-to-SaaS. No on-prem connectors required for the integration itself.
Update Set delivery. All ManaForce code ships as a scoped application: versioned, upgradable, removable.
Sub-production first. Built and tested in your sub-production instance before promotion.

Observability

Every event traceable end-to-end across both platforms with correlation IDs propagated through every hop.

Distributed tracing. One ID follows an event from Zscaler emit to ServiceNow record creation.
Health dashboard. Integration status, throughput, and error rates surfaced in ServiceNow Performance Analytics.
Audit log. Every API call logged, signed, and retained for the audit period your compliance program requires.

Failure handling

When something between the platforms breaks, the workflows degrade safely rather than disappear.

Retry with backoff. Transient failures don't drop events; the queue holds and replays.
Dead-letter queue. Unrecoverable events route to a SOC-visible queue for manual handling.
Circuit breakers. Cascading failures get isolated; one workflow doesn't take down the others.

Identity & access

All cross-platform calls use scoped service accounts. No standing admin credentials.

Service-account isolation. One account per direction, scoped to the minimum permissions needed.
Credential rotation. Automated on a schedule that matches your security policy.
Break-glass procedures. Documented rollback for credential compromise or integration failure.

Want to walk this architecture against your real environment?

Our 1-week assessment includes a working session with your security and architecture teams to validate this reference against your specific identity provider, ServiceNow scope, and Zscaler tenant configuration.