A complete guide for administrators transitioning from legacy Zscaler admin portals (admin.zscalerone.net) to the unified Experience Center console.
Zscaler is replacing its multiple product-specific administration portals — including admin.zscalerone.net (ZIA), admin.private.zscaler.com (ZPA), and separate ZDX portals — with a single unified console called the Zscaler Experience Center, accessible at console.zscaler.com.
This is not simply a cosmetic rebrand. The Experience Center represents a fundamental architectural shift in how Zscaler delivers its administrative experience — consolidating siloed product portals into one integrated, outcome-driven platform with a shared identity layer.
Previously, administrators managing Zscaler services needed to work across multiple disconnected portals. An administrator responsible for both internet security (ZIA) and private access (ZPA) would regularly switch between admin.zscalerone.net and admin.private.zscaler.com, each with separate login credentials, separate dashboards, and separate policy frameworks. ZDX (Digital Experience Monitoring) was yet another separate interface.
The Experience Center unifies administrative workflows for ZIA, ZPA, ZDX, Zero Trust Branch, and more into a single hub — reducing context-switching and providing cross-product analytics that were impossible with siloed portals.
Zscaler has published a phased timeline for the migration. It is critical that all administrators understand the key dates and plan accordingly.
Zscaler introduced the Experience Center as a unified console, initially covering ZIA, ZPA, ZDX, and Client Connector management. Available to all customers to explore.
Experience Center expanded to include Zero Trust Branch, Zero Trust Cloud, and IoT/OT segmentation capabilities — becoming the true unified SASE console.
Customers should complete migration to ZIdentity and the Experience Center. Engage your Zscaler account team for migration assistance. Both old and new portals remain accessible during this period.
From this date, all new Zscaler features and innovations will only be released within the Experience Center. Legacy portals will no longer receive new feature updates.
All legacy Zscaler administrative UIs (admin.zscalerone.net, admin.private.zscaler.com, etc.) will be officially deprecated and shut down. Migration must be complete before this date.
If you do not migrate before April 2026, you will miss access to new features. If you do not migrate before September 2026, you will lose access to your administrative console entirely. Begin planning now.
The most significant change is the shift from a fragmented, product-per-portal model to a single unified console with a shared identity layer.
The table below summarises the key differences administrators will encounter when moving from the legacy portals to the Experience Center.
| Feature / Aspect | Legacy Portals (admin.zscalerone.net) | Experience Center (console.zscaler.com) |
|---|---|---|
| Access URL | admin.zscalerone.net, admin.private.zscaler.com, ZDX portal (separate) | console.zscaler.com (single URL for all products) |
| Login Method | Product-specific credentials per portal; separate logins required for ZIA, ZPA, and ZDX | Single sign-on via ZIdentity; integrates with your enterprise IdP (Okta, Entra ID, Ping); MFA enforced by default |
| Product Scope | One portal per product. Switching products requires navigating to a different URL | All products managed from one console: ZIA, ZPA, ZDX, Zero Trust Branch, Risk360, and more |
| Dashboard / Analytics | Product-isolated dashboards; no cross-product unified view | Unified analytics across internet/SaaS, private access, and digital experience; consolidated traffic, threats, and user views |
| Policy Management | Separate policy frameworks per product; internet and private access policies managed independently | Common policy framework across access controls, cybersecurity, data protection, and digital experience management |
| Admin Role Management | Roles and entitlements managed separately in each product portal | Centralised entitlement management via ZIdentity; SCIM-based auto-provisioning from your IdP; unified RBAC |
| Location Management | Managed separately per product; no single view of all locations | Unified Locations: manage branches, cloud connectors, IPSec/GRE tunnels from a single workflow |
| AI & GenAI Features | Not available in legacy portals | GenAI-driven interactive guidance, AI-powered policy recommendations, Risk360 risk intelligence |
| Future Feature Access | No new features from April 2026; fully deprecated September 2026 | All new Zscaler features and innovations exclusively released here from April 2026 onwards |
| MFA Requirement | Optional / product-specific | MFA enforced by default via ZIdentity; strongly recommended to keep enabled |
One of the most significant changes administrators will notice is the new login experience powered by ZIdentity — Zscaler's centralised identity service (formerly known as ZSLogin).
How your organisation migrates to ZIdentity depends on your current identity provider configuration:
Zscaler will provide a staging environment for you to test and validate the migration before going live. You will have the opportunity to verify the integration with your IdP before any change affects your production environment.
Zscaler may automatically upgrade your admin accounts. You will receive communication from Zscaler ahead of any automated migration. Admin credentials will be migrated to ZIdentity hosted accounts with MFA enabled.
ZIdentity enforces MFA by default and Zscaler strongly recommends keeping it enabled. A compromised admin account without MFA could provide attackers with unrestricted access to your Zero Trust configuration. Do not disable MFA without a compelling reason.
The Experience Center is not just a consolidated interface — it introduces capabilities that were not possible with the siloed legacy portals. These features are only available in the Experience Center.
A single consolidated view across internet/SaaS traffic, private access, and digital experience. See users, cyber threats, data protection events, and network health in one place without switching portals.
Interactive AI assistance within the console to guide administrators through complex configuration tasks, policy recommendations, and Zero Trust adoption — reducing reliance on documentation.
A comprehensive risk intelligence tool that surfaces and prioritises risks within your Zero Trust network, helping administrators understand and remediate their organisation's overall security posture.
A proactive deployment health tool that measures and optimises the performance and configuration health of your Zscaler deployment — identifying gaps before they become incidents.
Manage all locations — branches, cloud edges, data centres, OT/IoT factories, SD-WAN sites — from a single workflow. No more toggling between interfaces for site-by-site administration.
Require additional authentication challenges before sensitive administrative operations, reducing the blast radius of a compromised admin session without impacting day-to-day workflows.
Manage Zero Trust SD-WAN, branch connectors, and IoT/OT device segmentation directly from the Experience Center. Zero-touch provisioning for branch appliances via templates.
The Experience Center adapts its interface to the administrator's role — security engineers, network administrators, and executives all see relevant views tailored to their responsibilities.
This section walks through the specific changes administrators will experience when they begin using the Experience Center.
Your existing Zscaler configuration — policies, rules, users, locations, app segments — will carry over to the Experience Center. You are not reconfiguring Zscaler from scratch. What changes is how you access and manage that configuration.
All existing ZIA policies, ZPA application segments, forwarding profiles, user/group configurations, and location settings migrate automatically. The Experience Center is a new interface to the same underlying platform.
The navigation structure in the Experience Center is reorganised around outcomes and use cases rather than individual products. Administrators who are accustomed to the ZIA or ZPA portal menu structure will find their settings in different menu locations. Here is a guide to the major navigation changes:
| Task | Legacy Portal Location | Experience Center Location |
|---|---|---|
| URL Filtering Policies | ZIA Portal → Policy → URL & Cloud App Control | Internet & SaaS → Cyberthreat Protection → URL Filtering |
| Firewall Rules | ZIA Portal → Policy → Firewall Control | Internet & SaaS → Firewall |
| DLP Policies | ZIA Portal → Policy → DLP | Data Security → Web & Email DLP |
| App Segment Management | ZPA Portal → Applications | Private Access → Application Segments |
| Access Policies (ZPA) | ZPA Portal → Policy → Access Policy | Private Access → Policies → Access Policies |
| ZPA App Connectors | ZPA Portal → Infrastructure → App Connectors | Private Access → Infrastructure → App Connectors |
| Digital Experience Monitoring | Separate ZDX portal | Digital Experience → Dashboard / Apps / Devices |
| Locations | ZIA Portal → Administration → Locations | Infrastructure → Locations (unified view) |
| Admin Management | ZIA Portal → Administration → Administrators | Administration → ZIdentity → Admin Accounts |
| Activity Logs | ZIA Portal → Analytics → Web Insights | Analytics → Logs (unified across ZIA & ZPA) |
Any browser bookmarks or documentation referencing admin.zscalerone.net, admin.private.zscaler.com, or other legacy portal URLs will need to be updated to console.zscaler.com. Deep-link URLs to specific settings pages will also change. Plan to update any internal runbooks, SOPs, or documentation that contain legacy portal URLs.
The Experience Center introduces OneAPI — a unified API layer that replaces the separate product-specific APIs. If your organisation uses Zscaler APIs for automation (Terraform, scripts, SIEM integrations, etc.), you will need to review and update your API integrations as part of the migration planning process. Consult your Zscaler account team for the OneAPI migration guide specific to your integrations.
Follow these steps to complete your migration to ZIdentity and the Experience Center. Engage your Zscaler account team early — they can provide hands-on migration assistance.
Contact your Zscaler account team to discuss your migration timeline, review any specific considerations for your environment, and request access to migration resources. Zscaler can also schedule onsite or virtual migration assistance sessions.
Determine whether your admin accounts currently authenticate via an external SAML IdP or use native Zscaler credentials. This determines your migration path. If you use Okta, Microsoft Entra ID, or Ping Identity for admin SSO, prepare to configure ZIdentity to federate with your IdP.
Navigate to console.zscaler.com and explore the new interface. The Experience Center is available now and your existing configuration is visible within it. Familiarise yourself with the new navigation structure before the mandatory cutover date.
Follow the ZIdentity migration wizard or work with your account team to migrate administrator accounts to ZIdentity. Validate that all admins can successfully authenticate via ZIdentity before cutting over. Test MFA flows and verify RBAC roles carry over correctly.
Conduct orientation sessions for all Zscaler administrators on the new Experience Center navigation. Focus on the most common day-to-day tasks: policy changes, log review, user lookups, and incident response workflows. Zscaler's Customer Success Center and Zenith Community have training resources available.
Update any internal SOPs, runbooks, incident response playbooks, or training materials that reference legacy portal URLs or navigation paths. Replace admin.zscalerone.net references with console.zscaler.com and update any step-by-step navigation instructions.
If you use Zscaler APIs for automation, SIEM integration, or Terraform, assess the impact of the OneAPI migration. Work with your account team to plan API integration updates and test them in a non-production environment before cutting over.
Ensure all administrators are fully using the Experience Center and ZIdentity for all administrative tasks. Verify no critical workflows still depend on legacy portal access before the April 2026 feature freeze date.
Zscaler provides extensive support resources to assist with the migration. The following are the primary channels available to your team.
Your first point of contact. Account teams can schedule migration workshops, provide environment-specific guidance, and coordinate with Zscaler's technical teams to support your transition.
Comprehensive technical documentation at help.zscaler.com, including dedicated sections for the Experience Center, ZIdentity migration guides, and the new unified admin documentation.
Peer community at community.zscaler.com where you can connect with other Zscaler admins who have completed the migration, share experiences, and get answers from Zscaler experts.
Free and paid training courses on the Experience Center and ZIdentity administration, including hands-on labs in a live Zscaler environment. Available at the Zscaler Customer Success Center.
For technical issues encountered during or after migration, open a support case via the Zscaler Help Portal or contact your regional support team. Phone support contacts are listed at help.zscaler.com/phone-support.
Zscaler's dedicated migration landing page at info.zscaler.com/begin-your-zidentity-migration provides step-by-step migration instructions and resources specifically for the ZIdentity transition.
New Admin Console: https://console.zscaler.com
Help Portal: https://help.zscaler.com
ZIdentity Docs: https://help.zscaler.com/zidentity
Migration Guide: https://info.zscaler.com/begin-your-zidentity-migration
Zenith Community: https://community.zscaler.com