Zscaler Client Connector auth behavior

Hi ,

What will be the authentication behavior when Zapp is configured as Disabled (FWD profile: NONE, Cisco VPN: Full tunnel, zapp state: Disabled:VPN Trusted Network). Our Trusted network is configured with GRE.

Will authentication frequency play any role in re-authenticating users with zapp mentioned in above scenario?

Current Behavior:
We are seeing re-authntication getting triggered for some users with Zapp (FWD profile: NONE, Cisco VPN: Full tunnel, zapp state: Disabled:VPN Trusted Network)

The behavior is not consistent. I would like to know if there is any exception to the zapp one time login behavior.

Thank you
Richardson Jose

Hi Richard,

Hope you are doing well.

Normally, If the ZCC is configured to be disabled, then it does not forward any traffic to Zscaler for the user. This means that all traffic goes directly to the Internet. The authentication frequency, on the ZIA admin UI, does not apply to Zscaler Client Connector. It only applies to users authenticated via the browsers. In your case, the auth frequency is getting applied to the users authenticated via their browsers only.

Thanks & Regards
Ajar Mayor

Hi Ajar,

Thanks for your prompt response. This leads to few questions then:

  • Why then all users are not getting authenticated. If user A logs in daily on his browser then I can assume he /she will eventually get re authenticated. On the contrary, if user B hardly uses browser then will he/she not re authenticate or miss the reauthentication frequency. ?

  • Like you mentioned auth freq will be applied for a user authenticating via browser, but if that user is also using ZCC , then the below article suggests that auth frequency will not trigger for a zapp user: is that correct?

If that is correct, then my users who are all on ZCC should not be re authenticated even in ZCC Disabled mode?

https://help.zscaler.com/zia/about-user-authentication-frequency

BR,
Richard