Zscaler Machine Tunnel with Duo Security

I wanted to share my experience in this journey. Using Duo Security for MFA presents some challenges because by default it blocks other Credential Providers from activating until after MFA occurs. In the case of a Machine Tunnel and the Zscaler Diagnostics tab on the login screen, this doesn’t work very well.
What you have to do is add the GUID of the ZSACredentialProvider to the registry value for the ProvidersWhitelist key. In this case, the GUID is {bb6c9014-b670-4f4f-80cb-4fda1ef98d81}, so adding that and enabling the Machine Tunnel, then you will see the Zscaler Diagnostics tab on the login screen before Duo authentication.
Just thought I would share.

1 Like