Max concurrent user login per username and max concurrent enroll devices per username

i read one of the zscaler document, it stated max enroll 16 devices per username, at the same time i was told max concurrent login is 3 per username, how does all this work as it is limit to max 3 login yet can enroll 16 devices per username, doesn’t make sense to me, anyone can help clarify this?

is it possible to ban a device or machine from using/login via client connector?(touch wood, device is lost and user store its credential in the device)

Thank You!

There is a difference between the two constraints you’ve noted. The 16-user limit is related to enrollment and assignment of a username to a physical device and is the gating factor for concurrent usage. Once those 16 devices are enrolled, they could theoretically be logged into by the same user that enrolled them (or a different user for that matter) up to 16 times concurrently. That number can be decreased or automatically pruned based on configuration parameters in the mobile portal, which may account for the information you heard about the 3 simultaneous logins - perhaps your configuration was changed to limit to three devices per username. You may also have a limitation on simultaneous logins by the IdP you’ve integrated with ZIA/ZPA (ADFS, Azure AD, Okta, etc.).

Almost forgot to about your second question…Yes, you can quarantine a lost device in the mobile portal and setting a device enrollment status is based on the unique device fingerprint.

  • Quarantined : Does not count against the number of devices in the device limit. The device can not re-login, is not available for soft removal, and eligible for hard deletion. It can not be re-enrolled unless an admin moves it to the Removed state.

Thanks for the explanations.
I saw zscaler license stated as max 3 concurrent login per username, what will happen to the 4th device when i try to login for the 4th concurrent login? my configuration does not limit to max 3 login.

Just to confirm again, once the device is quarantined, even if you have the credential to login, you will not be able to login?