I called in to support yesterday and have an open ticket. The support person didn’t seem to know answers to some of my questions so I want to confirm here…
We want to use the zscaler app universally rather than browser pac file. So knowing that, how can we force people to have to authenticate before they can browse the web? Currently you could just ignore the app and not ever sign in and your browsing seems unaffected (which makes sense as nothing is sending your traffic to zscaler)
We are using ADFS as authentication method. Currently if you try to sign in to the app, what happens is that you are redirected within the app to the ADFS portal and then a pop up box shows up and you have to put in your credentials. I was under the impression that this is not right and it should be automatic sign in. The support person told me this is normal behavior and you have to sign in once to ADFS and then you are OK after that. I don’t see what the point of using ADFS over the directory sign in method if this is the case.