ZIA & machine authentication


I see ZPA has a feature to authenticate using the machine credentials, is there any way to accomplish this with ZIA? We want ZIA to be enforced regardless of the user being logged on.

Right now, Zscaler Client Connector turns itself off if a user logs off. This causes two problems:

  1. On our internal network, this means the computer cannot access internet anymore as we do not have transparent proxy. For cloud client management tools such as Intune this means the client is effectively cut off from management.
  2. On public networks, this means a more tech savvy user (or malware) could have a scheduled task that runs when no one is logged on and effectively bypass any content filtering.


Tomas - this sounds a lot like a new enhancement to the upcoming release of ZCC called “Pre-Windows Login”, which uses the machine address to create an authentication token for when the device is active, but prior to user login. It is primarily designed for ZPA so that security can be applied when system services running pre-login can be accessed prior to user login, but may also apply to your scenario with ZIA as well.

I would suggest contacting your Zscaler SE or Support for further discussion of your use case, and if applicable, access to the applicable version of ZCC for testing.