The Admin Sign-On Policy page displays all the sign-on rules configured for the users. The sign-on rules determine whether to allow or deny a user from accessing the Zscaler service. You can use different attributes to configure rules and apply them to the users.

The sign-on policy is not applicable to the super admin (admin@<vanityurl>.zslogin.net). Super admin is the primary user account that was created when onboarding your tenant.

About the Admin Sign-On Policy Page

On the Admin Sign-On Policy page (Administration > Admin Management > Administrator Management > Sign-On Policies), you can do the following:

1. Add a sign-on rule.
2. View a list of all configured sign-on rules. For each rule, you can see:
   • Rule Order: The policy rule's order number. Sign-on rules are evaluated in ascending numerical order.
   • Rule Name: The name of the rule.
   • Criteria: The criteria that triggers the rule.

   • Rule Action: The action (Allow or Deny) taken when a rule is triggered.

     ZIdentity follows the Allow rule by default, so unless a Deny rule is created, it implicitly allows everything.

   • Rule Status: The status (Enabled or Disabled) of the rule.
   • Description: The description of the rule, if available.
3. Edit a sign-on rule.
4. Delete the sign-on rule.
5. Enable or disable a sign-on rule.