Zscaler Client Connector provides tunnel settings for Private Applications in the Zscaler Service Entitlement page.

The user tunnel settings determine which users can access Private Applications when logged in to Zscaler Client Connector. If ZPA Enabled by Default for User Tunnel is enabled, the Private Applications service is available for all users. If this setting is disabled, you can enable the Private Applications service for a select group of users or for device groups.

You can also configure a machine tunnel to establish a connection to Private Applications before users log in to Zscaler Client Connector on a Windows or macOS device. If Enable Machine Tunnel For All is enabled, all users with a Machine Token configured in the app profile can establish a connection to Private Applications without being logged in. To learn more, see About Machine Tunnels.

If Enable Machine Tunnel For All is disabled, any existing machine tunnels remain connected until a user’s app profile policy is updated and the user logs out.

To configure the machine tunnel for all devices:

1. Go to Administration > Entitlements > Private Access.

2. Enable or disable the Enable Machine Tunnel For All.

   

3. Click Save.