Creating Isolation Profiles for Private Applications
To configure browser isolation for your application, you must use a Private Applications isolation profile. These profiles determine certain attributes and specifications of the isolation browser. They also define how the isolation browser handles web requests, as well as the level of interaction with the user's native browser. You can use isolation profiles to create policies to isolate specific web applications. To learn more, see About Isolation Policy and Configuring Isolation Policies.
Prerequisites
Before creating an isolation profile for Private Applications, make sure Isolation is enabled for your organization.
Creating a Private Applications Isolation Profile
To create a new Private Applications isolation profile:
- Go to Policies > Access Control > Clientless > Profiles.
- Click Add Isolation Profile.
The Add Isolation Profile window appears.
- In the Add Isolation Profile window:
- On the General tab:
- Name: Create a name for the Private Applications isolation profile.
- Description: (Optional) Enter a description.
Click Next.
- On the Company Settings tab:
- Enable or disable Forward Internet Traffic via ZIA. To learn more, see Forwarding Traffic from ZPA Profiles to ZIA in Isolation.
- Enter the Organization ID and Cloud Name.
- Select to use either a recommended or custom PAC file.
- Enable at least one Root Certificate to deploy. The Zscaler Root Certificate is applied by default, and you cannot disable it. To learn more, see About Root Certificates for Isolation in Private Applications.
- Enable or disable Debug Mode. If you enable it, you must set a password for the ZIP file that is created at the end of a debug troubleshooting session. Make sure to share the password with the user associated with the isolation profile. To learn more, see Using Debug Mode for Isolation.
Click Next.
- On the Security tab, enable or disable the desired settings:
- Allow copying and pasting between your computer and the isolation browser.
- Allow file transfers between your computer and the isolation browser. If enabled, select whether the file transfer will be a flattened PDF or the original file.
- Allow printing of web pages and inline content from isolation.
- Restrict keyboard/text input to isolated web pages.
- Allow viewing Office files while in isolation.
- Allow local browser rendering while in isolation.
- Enabling Application Deep Linking allows users to open applications from their local machine via the rendered deep link data on an isolated web page. From there, the user can click the rendered link in the isolated browser, and open the application for use on their machine. If you enable this, add the specific links for the allowed applications to the list. If this feature is disabled for the isolation profile, or an application is not added to the list in the isolation profile, the user sees an error message explaining that the application isn't allowed by policy.
Click Next.
- On the Regions tab, from the drop-down menu, select at least two regions where the isolation profile should be available.
Click Next.
- On the Isolation Experience tab:
- From the drop-down menu, select an Isolation Banner. The option you choose shows a preview banner in the window. Choose from existing banners, or create custom isolation banners to use for your isolation profiles. To learn more, see Adding a Banner Theme for the Isolation End User Notification in Private Applications.
- Enable or disable the option to have a persisting isolation URL bar.
- Select the Isolation Experience mode:
- Native browser experience: This mode provides the user with a browsing experience similar to accessing the native web page with a typical browser. Admins can also customize this view.
- Browser-in-browser experience: This mode provides the user with the complete look and feel of an isolated session experience. To learn more, see User Experience Modes in Isolation.
- (Optional) Enable Persistent State: Enabling this option causes the data from a user's active session to carry over to their new session each time they begin an isolated session. If you enable this feature, the Enable Persistent State window displays a consent message for you to read before confirming enablement. Click Enable. If you do not enable it, the data does not persist, meaning it is destroyed with the container when the user logs out or exceeds the session timeout.
- Enable or disable the option to use a watermark while in isolation. Admins can enable watermarking per isolation profile and choose to display the user ID, date and timestamp (in UTC), and a custom message.
- (Optional) Enable Language Translation: This allows the user to translate any text from isolated web pages to the language of the user's choice.
- Click Save.
When saved, your new profile appears in the list of Private Applications isolation profiles. You can edit or delete a profile directly from the list. However, you cannot delete Private Applications isolation profiles used in isolation policies. To learn more, see Editing Your Isolation Profile for Private Applications and Deleting an Isolation Profile for Private Applications.
You can use this isolation profile to create policies in Private Applications to isolate specific web applications. To learn more, see Configuring Isolation Policies.