In our continuing effort to provide the highest level of security to our users, Zscaler is discontinuing its use of Adobe Flash cookies on its authentication pages and pre-provisioned cookies as an authentication mechanism. This is due to security concerns around the vulnerabilities of Adobe Flash cookies.
You are using Adobe Flash cookies if you downloaded cookies from https://admin.zscaler_cloud/download/cookies and distributed them to your users’ devices. (To find your Zscaler cloud name, see What is my cloud name?)
If you are using Adobe Flash cookies for authentication, ensure that another authentication mechanism is configured on the Authentication Settings page of the Zscaler Admin Portal. Zscaler recommends deploying Identity Federation using SAML for provisioning and authentication. (See Choosing Provisioning and Authentication Methods.)
You can also deploy the Zscaler App to your users with no additional charge. The Zscaler App provides all of the benefits of the Zscaler Cloud Security Platform for Internet traffic, and requires users to log in just once. (See What is the Zscaler App?)
If you do not configure an authentication mechanism before Zscaler ends its support for Adobe Flash cookies, the Zscaler service will use the authentication mechanism that is already configured on the Admin Portal to authenticate users.
Additionally, Zscaler strongly recommends that you inform your users about the new authentication process, because the Adobe Flash cookies allowed them to skip the authentication step. With the new authentication mechanism, users will need to authenticate themselves to the Zscaler service at least once.
Zscaler discontinued its support for Adobe Flash cookies in the 5.5 release, as documented in the 5.5 Release Update Summary.
If you need help changing your configuration or if you have additional questions or concerns, contact Zscaler Technical Support via the Support link in the Admin Portal.
Announcement date: 8/14/2017.