ZCC SSO on VDI instance

Documentation under "Supporting Citrix" states:
"If you are using non-persistent VDIs where users get fresh desktops each time they connect, they will need to re-enroll each time."

But under "Best Practices for Using Zscaler Client Connector in a VDI" it states:
The following conditions apply when using Zscaler Client Connector (formerly Zscaler App or Z App) in a virtual desktop infrastructure (VDI):

Does this mean that a user can be automatically logged into ZCC on a non-persistent VDI using strictenforcement and userdomain integrated with IWA?

Bill - this means that the user would be provided with the login prompt as they enter a non-persistent VDI instance and would be required to enter their credentials and re-enroll each time. Even with IWA configured, you can only “automatically log in” if you have a persistent VDI that keeps the cached credentials; otherwise, it requires the new user of the VDI session to enter credentials, since the instance doesn’t keep any properties from the previous session.

So there is no option for authenticated user traffic from non-persistent VDI instances unless the user logs in each time (not an optimal user experience). The other option is to route the VDI subnet to Zscaler as unauthenticated traffic. Does anyone know if the VDI session would have a unique client IP in Zscaler logs and whether that could be traced back to the user session?

Would an option be to not use ZCC but a PAC file with auth enabled? Would this allow the user traffic to be authenticated via NTLM?