User A has Machine Tunnel enabled in their App Profile, logs into a machine, and the machine is then enrolled in Machine Tunnel. Then, User B logs into the same machine, but does NOT have Machine Tunnel enabled in their App Profile. How does that effect Machine Tunnel on that machine? (I’ve done some limited testing with this and it appears the machine remains enrolled in Machine Tunnel even if a different user logs in that does NOT have Machine Tunnel in their app profile, but I just wanted to confirm this is expected behavior as we have a use case for this functionality.)
Also, if we specify an App Profile during ZCC installation, and a user with a different App Profile logs into the machine, does the ZCC then use that user’s App Profile instead?
You need to install the zcc with machine tunnel enabled app profile policy token. Or you apply app profile policy based on user or group. Later machine tunnel details will be within the machine. Machine tunnel are active before the user login to zcc / user tunnel activated.
Yep, once machine tunnel has been enrolled it’s user agnostic unless you enable ‘Machine Authentication Required’ in the App Profile.
Yes, if your ZCC package includes the correct ‘Policy Token’ for the machine tunnel App Profile then it will be enrolled before the user logs into ZCC regardless of which App profile they’ve been assigned.
It should be just a case of assigning to a App Profile with Machine Token enabled unless I’m missing something. I assume you haven’t reached your ‘maximum reuse’ then ?
The account is already assigned to an App Profile with Machine Token enabled, it’s just the status shows as “Removed” and wondering how to get it to pull down a new key.
Restarting the service or updating policy doesn’t pull down new key as it still shows Removed. Turns out that once you logout of ZCC and log back in, the machine now shows machine tunnel status as Active/Inactive - confirmed in Diagnostics.
