I read one of the Zscaler documents; it stated a maximum of 16 enrolled devices per username. At the same time, I was told the maximum number of concurrent logins is 3 per username. How does all this work, given that it is limited to a maximum of 3 logins yet 16 devices can be enrolled per username? It doesn’t make sense to me. Can anyone help clarify this?

Is it possible to ban a device or machine from using or logging in via Client Connector? (Touch wood, say the device is lost and the user stored their credentials on the device.)

There is a difference between the two constraints you’ve noted. The 16-user limit is related to enrollment and assignment of a username to a physical device and is the gating factor for concurrent usage. Once those 16 devices are enrolled, they could theoretically be logged into by the same user that enrolled them (or a different user for that matter) up to 16 times concurrently. That number can be decreased or automatically pruned based on configuration parameters in the mobile portal, which may account for the information you heard about the 3 simultaneous logins - perhaps your configuration was changed to limit to three devices per username. You may also have a limitation on simultaneous logins by the IdP you’ve integrated with ZIA/ZPA (ADFS, Azure AD, Okta, etc.).

Almost forgot about your second question… Yes, you can quarantine a lost device in the mobile portal, and setting a device enrollment status is based on the unique device fingerprint.

  • Quarantined: Does not count against the number of devices in the device limit. The device cannot re-login, is not available for soft removal, and is eligible for hard deletion. It cannot be re-enrolled unless an admin moves it to the Removed state.

I saw the Zscaler license stated as a maximum of 3 concurrent logins per username. What will happen to the 4th device when I try to log in for the 4th concurrent login? My configuration does not limit to a maximum of 3 logins.

Just to confirm again: once the device is quarantined, even if you have the credentials to log in, you will not be able to log in?

I assume the 4th device will fail login. It is also possible this limitation is not a blocking limitation (based on the honor code), but again, I personally have no experience with this particular limitation as stated in the EUSA. It generally only comes into play when dealing with kiosks where the same user credentials are used on shared workstations/terminals. In practice, most organizations have a laptop, smartphone, and iPad, which explains the 3-user parameter referred to in the EUSA.

Yes, from that particular device. If the credentials are valid, they can be used on another device that is enrolled and not quarantined as long as the number of enrolled devices has not exceeded the maximum as set (max 16).

