I noticed this paragraph in the documentation
The Zscaler Client Connector (formerly Zscaler App or Z App) certificates have a validity of 365 days from the date of enrollment. If the authentication timeout is set to Never, users will only be prompted to re-enroll to renew device certificates. This means the end user will need to log out and log back in to the Zscaler Client Connector in order to obtain a new certificate.
Does anyone who has experience with renewing ZCC certificates know how this will happen?
If we have a logout password for ZCC, does that prevent users from logging out and logging back in in order to obtain a new certificate?