Least amount of user interaction with Zapp on IOS

We are trying to make zscaler installation the most transparent experience possible for our users.

We deploy the application and config using JAMF as our MDM.

To avoid login prompts/authentication we used policy token method of authentication with a username dynamically populated by jamf.

To avoid VPN prompt + passcode prompt for the VPN install we populate the VPN profile.

The only thing we can’t seem to do is…to actually have Zscaler enroll a user, the user just has to launch the zscaler app on their iPhones.

Does anyone have any ideas how to make the enrollment of the device transparent to the user? It doesn’t seem like IOS gives MDM the capability to launch an app.

Hi Randy, sounds like a lot of great work you’ve done, and you have come to correct conclusion; Apple iOS has no means of auto-launching an app in user space, this means a user or admin must manually launch the app at least once.

iOS devices in kiosk mode can auto-launch a single app, but that’s not a viable option for this use-case. It would be great if Apple added something in their SDK for initial service launching on devices under MDM control. I have no idea if this is something they have considered for their roadmap. If they did have such a capability we’d certainly look at how we could integrate it.