Saviynt and Zscaler expand zero-trust identity partnership

Saviynt and Zscaler have announced an expanded strategic partnership aimed at unifying identity governance with inline policy enforcement across enterprise Zero Trust architectures. The deal is backed by a financial commitment: Zscaler Ventures has taken a position in Saviynt's Series B funding round, which also includes KKR, Carrick Capital Partners, Ten Eleven and Sixth Street Growth. Neither company disclosed the size of Zscaler Ventures' participation or the total round value.

The commercial rationale is straightforward. Most large organisations have accumulated fragmented access models — persistent VPN credentials, broad group memberships, long-lived service accounts — that contradict the least-privilege principle at the heart of Zero Trust. The integration targets this gap by combining Saviynt's identity governance and administration (IGA) layer with Zscaler's Zero Trust Exchange enforcement platform, focusing initially on just-in-time (JIT) access provisioning.

How the integration works

Under the joint model, Saviynt validates an access request against policy, provisions a time-bound entitlement, and automatically revokes it on expiry. Zscaler enforces that decision inline at session initiation through its Zero Trust Exchange, meaning access cannot be exercised before governance has approved it and is cut off the moment the entitlement lapses. The companies say the combined workflow also extends to third-party access management, with delegated onboarding controls and built-in expiration windows.

"Zero Trust strategy is ultimately driven by the quality of identity decisions and how rigorously they are enforced," said Anirudh Sen, SVP of Products at Saviynt. "With Zscaler, we're helping customers move to a model where access is continuously verified, context-aware, and designed to expire."

Saviynt has also joined Zscaler's Project AI-Guardian as a Technology Alliance Partner, positioning the partnership to extend beyond human access governance to cover non-human identities — service accounts, AI agents, and machine-to-machine credentials — a category drawing intensifying scrutiny as agentic AI deployments multiply in enterprise environments. The companies plan to showcase the integrated solution at Zscaler's Zenith Live conference in Las Vegas this week.

Market context and competitive landscape

The identity security market is undergoing consolidation as buyers seek to reduce the number of point products spanning IGA, privileged access management (PAM), and network policy enforcement. Historically, these disciplines have been sold by separate vendors — with IGA players such as Saviynt, SailPoint and Omada operating independently from network-security platforms such as Zscaler, Palo Alto Networks and Cisco. Cross-category partnerships of this kind — where the governance vendor and the enforcement vendor align their data models and APIs — represent one response to enterprise pressure for fewer integration seams.

The timing is also shaped by regulatory direction. The EU's NIS2 Directive, which came into force for member-state transposition in October 2024, requires covered entities to implement access-control and privileged-access policies as part of minimum-baseline security measures. In the US, the Cybersecurity and Infrastructure Security Agency's Zero Trust Maturity Model similarly treats identity as the primary control plane. Enterprises facing audit obligations under these frameworks have a direct compliance incentive to close the governance-to-enforcement gap that Saviynt and Zscaler are targeting.

The participation of Zscaler Ventures in Saviynt's Series B is a notable structural choice: strategic corporate venture positions typically carry integration commitments and roadmap alignment agreements that pure commercial partnerships do not. Whether that translates into deeper platform-level integration — or eventually a full acquisition — will be the question investors and competitors watch over the next 12 to 18 months.