How to Require Manual ZPA Authentication?

We deployed Zscaler Client Connector for ZIA and enabled WIA. This allowed transparent login and worked very well.

Then, when we launched ZPA recently, the same automatic login works for ZPA as well. Not something we really want. Since ZPA gives access to private resources, we have set the Auth Timeout to 8 hours. We find that after 8 hours, ZPA requires users to Authenticate but it is just a mouse click - it doesn’t really ask them to provide a login/password etc.

How do we keep the automatic login for ZIA but require manual login for ZPA?

Hey Manoj,

With ZPA, the Re-Authenticate process takes you to your IDP to refresh the SAML Assertion, which is used with ZPA to authenticate for app access.

If the SAML IDP is doing single sign-on, this will be a seamless re-authentication.

If you want the user to be prompted for credentials or even MFA, this needs to be done in the SAML IDP, as it essentially is the gate-keeper for that assertion.


Joseph Stubberfield
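
One way to check which of the two behaviours described in the answer above an IdP is actually producing, added here as an example and not part of the original thread: read a captured SAML response and compare the assertion's AuthnInstant (when the user last proved identity to the IdP) with its IssueInstant. The sample response, the 300-second threshold and the function names are constructed for illustration; the assertion is assumed to be unencrypted and signature validation is not performed.

```python
import xml.etree.ElementTree as ET
from datetime import datetime

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
ASSERTION_TAG = "{urn:oasis:names:tc:SAML:2.0:assertion}Assertion"

# Constructed sample: assertion issued at 17:00 from an IdP session that
# was authenticated at 08:55, i.e. the "one mouse click" SSO refresh.
SAMPLE_RESPONSE = """\
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                IssueInstant="2024-01-15T17:00:05Z">
  <saml:Assertion IssueInstant="2024-01-15T17:00:05Z">
    <saml:AuthnStatement AuthnInstant="2024-01-15T08:55:12Z">
      <saml:AuthnContext>
        <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
      </saml:AuthnContext>
    </saml:AuthnStatement>
  </saml:Assertion>
</samlp:Response>
"""

def parse_instant(value):
    # SAML instants are UTC xs:dateTime values ending in "Z".
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def audit_reauth(response_xml, max_age_seconds=300):
    """Report whether the assertion reflects a fresh login or a reused SSO session."""
    root = ET.fromstring(response_xml)
    assertion = root if root.tag == ASSERTION_TAG else root.find("saml:Assertion", NS)
    if assertion is None:
        raise ValueError("no unencrypted Assertion found in the response")
    stmt = assertion.find("saml:AuthnStatement", NS)
    if stmt is None:
        raise ValueError("Assertion carries no AuthnStatement")
    issued = parse_instant(assertion.get("IssueInstant"))
    authenticated = parse_instant(stmt.get("AuthnInstant"))
    age = (issued - authenticated).total_seconds()
    context = stmt.findtext("saml:AuthnContext/saml:AuthnContextClassRef",
                            default="", namespaces=NS).strip()
    return {
        "session_age_seconds": age,
        # A large gap means the IdP reused an existing session instead of prompting.
        "fresh_login": 0 <= age <= max_age_seconds,
        "authn_context": context,
    }

if __name__ == "__main__":
    print(audit_reauth(SAMPLE_RESPONSE))
```

A small session age together with the expected AuthnContextClassRef after the ZPA timeout indicates the IdP policy is prompting for credentials; a session age of several hours indicates the assertion was reissued from the existing SSO session.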