Block Internet Access until user login with ZCC

Hi Everyone,

Customer is using below setup to control their end-user Internet access. They have specific requirement enforce user login to Zscaler Client Connector for internet access. We have tried below community link. However. the deployment only applicable for Zscaler Client Connector IdP instead of OKTA as primary.

Does customer requirement able to configured with Zscaler Client Connector or we have to use other method e.g. PAC file to block all internet access?. Thanks

Current Infra

  1. Zscaler Client Connector with OKTA (Authentication)
  2. Base URL rule block ALL.

Community Post

Hello Sec_Def,
The STRICTENFORCEMENT flag will still apply with Okta. The only difference is that you will want to create an app profile which contains a PAC file that bypasses Okta traffic so users can still reach Okta to authenticate.
Once authenticated, the user will get the correct app profile and have full internet access.

Warm Regards,
Chris