- Applications that do not support cookies, such as Google Earth and Skydrive
- HTTPS transactions that are not decrypted
- Transactions that use unknown user agents
If the applications doesn’t carry cookies , the user info cannot seen at Zscaler end when the traffic reaches to service edge. So user based / group based policies cannot enforce. In this situation IP surrogacy will map the username (when the user authenticate at least once ) and private IP address for certain period of time.
Even request is coming without the username from the IP address will consider as the user who is authenticated at least once for the duration configured under IP surrogacy. So the user based policies will be applicable for those traffic like Google Earth or Skydrive.