icon-cloud-connector.svg
Cloud & Branch Connector

Configuring VDI Templates

This article provides information on how to configure a Virtual Desktop Infrastructure (VDI) template. To learn more, see About VDI Templates.

To add a VDI template:

  1. Log in to the Zscaler Cloud & Branch Connector Admin Portal.
  2. Go to Administration > VDI Templates.
  3. Click Add VDI Template.
  4. On the Add VDI Template page:

    • Name: Enter a name for the template.
    • Description: Enter a description for the template.
    • Auth Type: Select IdP or Hosted DB as your authentication type.

    The authentication type you select here must match the authentication type that Zscaler Internet Access (ZIA) is currently using. Select IdP only if ZIA is configured for Security Assertion Markup Language (SAML) authentication, and select Hosted DB only if ZIA is configured for Form-Based authentication. To learn more, see Configuring the Default Authentication Profile.

    • If you select IdP, enable SCIM in Zscaler Private Access (ZPA). Use the same IdP in ZIA and ZPA. Then configure the following fields:
      • Domains: Leave this field empty.
      • IdP Name: Select an identity provider (IdP) name for the template. The list of IdPs in the drop-down menu is retrieved from the ZIA configuration. You can add new IdPs in the ZIA Admin Portal. To learn more, see Adding Identity Providers.
      • System User: Select a system user for the template. System users are defined in the ZIA configuration. The list of system users in the drop-down menu is retrieved from the ZIA configuration. You can add new system users in the ZIA Admin Portal. To learn more, see About Users and Adding Users.

        System users are assigned to traffic leaving the VDI session that cannot be attributed to the current user. The system user attributes the traffic to a mechanism where policies are applied. Admins can then create security policies around the system user to permit, deny, or restrict where system traffic can reach. If you enable this feature, a default system user is created. In the ZIA logs, this user appears in the logging output as system-level traffic that the current user did not generate. You can configure a user on the IdP and select them as the system user. This arrangement is useful if you want different system users assigned based on the location of the VDI infrastructure. For example, some system users might have access to certain resources while others might not.

    • If you select Hosted DB, select a System User for the template. The hosted database information is defined in the ZIA configuration. You can add new users to the hosted database in the ZIA Admin Portal. To learn more, see Configuring the Hosted User Database.

  5. Click Submit.

    To copy the VDI provisioning URL and access token, click the VDI template that you created. If no token value is present, click the Generate Token button.

Related Articles
What Is Zscaler Client Connector for VDI?Downloading Zscaler Client Connector for VDIStep-by-Step Configuration Guide for Zscaler Client Connector for VDICustomizing Zscaler Client Connector for VDI with Install Options for MSIZscaler Client Connector for VDI Processes to AllowlistAbout VDI DevicesAbout VDI GroupsConfiguring VDI GroupsAbout VDI TemplatesConfiguring VDI TemplatesAbout VDI Forwarding ProfilesConfiguring VDI Forwarding ProfilesTroubleshooting Zscaler Client Connector for VDI