Identifying users on thin clients

In an ongoing deployment, we have the following types of populations in particular:

  • users on workstations with zcc
  • users on thin clients on Windows RDS servers.
    For the first one, no problems to authenticate users with zcc clients.
    But for the second, we have 20-30 users who will launch their session from the same machine (RDS server) and therefore be seen with the same ip address.
    How to be sure that the traffic of a user A is not mixed with that of user B, and that the user B with limited privileges (access to a limited list of sites) does not access the Internet with the User A’s higher privileges.
    On a zia doc, I read this: β€œSince all the users connected to the server have the same source IP address, there is no way for Zscaler to know which user to map to that IP.”
    So there is no solution for this use case?
    Thanks for your help

define a subloacation with the IPs of the RDS servers and have IP surrogate disabled