This guide is for admins only. If you are an end user, contact your organization’s administrator for deployment-related details.

With MobileIron unified endpoint management (UEM), you can configure and deploy Zscaler Client Connector for Android devices. Before deploying Zscaler Client Connector, you must first enable the Android Enterprise feature for MobileIron UEM. For more information, refer to the MobileIron documentation.

The following deployment procedure is based on MobileIron Core 10.1.

To configure and deploy Zscaler Client Connector to MobileIron for Android devices:

1. In the MobileIron Admin Portal, click Apps from the top menu.

2. Click Add to import Zscaler Client Connector to the App Catalog.

3. Click Google Play, and then search for Zscaler Client Connector.

4. Select Zscaler Client Connector from the list, and then click Next.

5. (Optional) Modify the Description and select a Category. Click Next.

6. In the Android Enterprise (All Modes) section, enable the Install this app for Android enterprise option.

The Configuration Choices section appears.

This section appears only if you have already enabled Android Enterprise for MobileIron Core.

7. Under Default Configuration for Zscaler Client Connector, the following parameters are available to configure:
   • userDomain: Your organization’s domain name, e.g., safemarch.com. If your instance has multiple domains associated with it, enter the primary domain for your instance.
   • cloudName: The name of the cloud on which your organization is provisioned. For example, if your cloud name is zscalertwo.net, you would enter zscalertwo.
   • deviceToken: The appropriate device token from the Admin Portal, if you want to use the Zscaler Client Connector as an IdP.
   • userName: The username for the user. For example, if the username is j.doe@safemarch.com, you would enter j.doe.

   • enableFips: Enabling this option indicates that Zscaler Client Connector uses FIPS-compliant libraries for communication with Zscaler infrastructure. Enter 1 to enable or 0 to disable this option.

     Enable this option only if you require FIPS-level security within your organization.

   • Ownership: If you use the Ownership Variable device posture type, add the key Ownership. You can enter up to 32 alphanumeric characters in the Configuration value field. To learn more, see Configuring Device Posture Profiles.

   • autoEnrollWithMDM: Use this parameter to determine auto-enrollment without user interaction, when using Zscaler Client Connector as an IdP. Select from the following options:

     • Enter 0 to disable auto-enrollment.
     • Enter 1 to have users always auto-enroll, even if they log out.
     • Enter 2 for one-time auto-enrollment.

     This option applies to only the Internet & SaaS-enabled accounts that are using Zscaler Client Connector as an IdP. You must specify the parameters deviceToken, cloudName, and userDomain before enabling the autoEnrollWithMDM option.

   • customDNS: By default, Zscaler Client Connector uses the device's DNS server. You can change the value to another DNS server using this setting. Enter the DNS IP address.
   • allowZCCOnRootedDevice: This is set to 0 by default to restrict users from running Zscaler Client Connector on a rooted device. Enter 1 to allow users to run Zscaler Client Connector on a rooted device.

8. Click Finish.

You can now register the device (that has a work profile or is in Device Owner mode) and apply the Android Enterprise configuration. Zscaler Client Connector is automatically installed and configured.

Users must open Zscaler Client Connector once for the configurations to be applied for the first time.