Hello, we renamed all our AD account from Jdoe@xxx.com to email@example.com but the Zapp will not update it and keep the old account, only a Zapp logout will update it (key to provide more 5 mn to reautenticate teh user, do you know a method to change it smoothly ?
Although not transparent, you could perform a batch “force removal” of devices within the Mobile Admin Portal. This will de-authenticate the session, and the user will need to authenticate again.
This sounds to me like auth domain issue as opposed to a device/client connector issue. Erick, did you mean to say when you login with yyy.com it forces you to login with the xxx.com? Or do you successfully login with the yyy.com and it still shows xxx.com associated with the device you logged in with in the ZCC portal?
Hello,From my previous post as a new users I was limited to few lines so I add more explanation.
we have to change the username after the merge of both companies and the zapp application will not update it automatically.
we kept both account policy since 2 years.
the objectif is to change from firstname.lastname@example.org to email@example.com.
AD account, mail all have been changed from AD and the user is able to use his new UPN account, the problem is that the zapp software is still using the old name.
I restarted the service, repair, reboot the laptop, logout from ip.zscaler.com without any change the only solution I found was to use the logout option from the zapp client , but to do that I need to provide the password to all users and the reauthentication process took some minutes.
I tried to clean up the user entry from the web console but it’s worse because users loose the internet connectivity.
update the zapp client from 2.x to 3.x not the solution
Do you have any idea to update it with the minimum impact ? Regards
Erick - I’ll have to think about this some more. I can see why the other methods wouldn’t make the change because you were already authenticated with the xxx.com credentials and restarting services, etc, just revalidates the SAML token you already have associated with the xxx.com domain. I also suspect that xxx.com is the primary auth domain on ZIA. I would say remove xxx.com entirely from your instance, but you can’t remove the primary domain, only the yyy.com domain can be removed. How about creating a second IdP with the second domain, make it primary, then demote the xxx.com IdP to secondary, remove xxx.com (you can always add back if you still need both domains), then force re-auth from admin console. In other words, make yyy.com the only authentication option.
BTW: the problem with using the ZCC upgrade to 3.1 (or better yet, 3.4) is that you need to add the --userDomain=yyy.com install option when you install it, otherwise again, after the install, there’s no reason for ZCC to prompt you for the new username when the current one is still valid.