ZIA: Block a website for everyone except a specific user group

🔧 Steps in the ZIA Admin Portal:

1. Create a URL Filtering Rule to allow access for the specific group

• Navigate to: Policy > URL & Cloud App Control > URL Filtering
• Click Add Rule
• Name it something like: Allow Example.com for Finance Team
• URL Categories: Add a Custom URL Category (see next step)
• Action: Set to Allow
• Users/Groups: Select the specific AD/SCIM group (e.g., Finance-Team)
• Click Save

2. Create or update a Custom URL Category

• Go to: Policy > URL Categories
• Click Add URL Category
• Name it something like: Example.com Category
• Add the domain(s), e.g., example.com or *.example.com
• Save and publish

3. Create a second URL Filtering Rule to block access for all others

• Go back to URL Filtering, click Add Rule
• Name it something like: Block Example.com for Others
• URL Categories: Select the same custom category you used earlier
• Action: Set to Block
• Users/Groups: Leave this blank or select “Everyone” (depending on your setup)
• Make sure this rule is below the Allow rule in priority order

4. Check Policy Order

• Ensure the Allow rule is above the Block rule
• ZIA processes policies top-down, stopping at the first match

👀 Optional: Logging & Verification

• Go to: Analytics > Web Insights
• Filter by domain or username to confirm the policies are working as expected