You can use the EXE file to manually install the Zscaler App on a device, or to deploy the app to your users via device management methods that do not support MSI files. After downloading the Zscaler App EXE installer file, you can deploy the file as is with your device management method.
You can also add install options to customize the app for your organization via one of the following methods:
In addition to the custom features enabled by the install options, you can also modify the EXE file to allow users to log into the app without entering a domain name. To learn more, see Allow Users to Log into the Zscaler App Without Entering Domains.
To run the EXE file using command-line options:
If your organization is provisioned on more than one cloud, your users are asked to select the cloud to which their traffic is sent during the enrollment process. See image.
With this install option, you can specify the cloud to which the app must send user traffic so that your users do not have to make the selection during enrollment. Do not use this option if your organization is provisioned on one cloud. In that case, the app automatically sends traffic to the proper cloud and your users do not need to make a selection during enrollment.
This install option is required if you enable the --strictEnforcement option.
To add this option using the command-line, enter --cloudName <organization's cloud name in lowercase>. For example, if your cloud name is zscalertwo.net, you would enter zscalertwo. To learn more, see What is my cloud name?
This install option allows you to use the Zscaler App portal as an IdP. The Zscaler service will silently provision and authenticate users even if you don't have an authentication mechanism in place. Before adding this option, you must generate a device token in the Zscaler App portal and complete the full configuration detailed in Using the Zscaler App Portal as an IdP.
To add this option using the command-line, enter --deviceToken <device token from the Zscaler App portal>.
To enable this option using the command-line, enter --hideAppUIOnLaunch 1. By default, the value is 0 (i.e., disabled).
To add this option using the command-line, enter --mode unattended.
This install option allows you to specify which app profile policy you want to enforce for the app before the user enrolls. All relevant settings associated with the policy will apply, including the bypass of the IdP login page. Once the user enrolls, this policy is replaced with the app profile policy that matches the user based on group affiliation.
To add this option using the command-line, enter --policyToken <policy token from the Zscaler App portal>.
To enable this option using the command-line, enter --reinstallDriver 1. By default, the value is 0 (i.e., disabled).
If you enable this install option, the --cloudName and --policyToken options are required.
To enable this option using the command-line, enter --strictEnforcement 1. By default, the value is 0 (i.e., disabled).
To add the install option using the command-line, enter --unattendedmodeui <value>, where <value> is one of the following:
This install option allows users to skip the app enrollment page. (See Image.) If SSO is enabled for your organization, users are taken right to your organization's SSO login page. If you've integrated SSO with the app (i.e., using a mechanism like Integrated Windows Authentication (IWA)), users can also skip the SSO login page and are automatically enrolled with the Zscaler service and logged in.
An alternative to using this install option is to change the name of the installer file. To learn more, see Allow Users to Log into the Zscaler App Without Entering Domains.
To add the install option using the command-line, enter --userDomain <organization's domain name>.
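The option rules above (lowercase cloud name without its suffix, and --strictEnforcement requiring both --cloudName and --policyToken) can be checked before the installer is launched. The following PowerShell sketch is an added example, not Zscaler's code. The function name New-ZappInstallArgs, the installer path and the token value are placeholders assumed for illustration, and --unattendedmodeui is left out because its values are not listed here.

```powershell
# Added example (not Zscaler's code): enforce the option rules stated on this
# page, then return the argument list for the EXE installer.
function New-ZappInstallArgs {
    [CmdletBinding()]
    param(
        [string]$CloudName,
        [string]$DeviceToken,
        [string]$PolicyToken,
        [string]$UserDomain,
        [ValidateRange(0, 1)][int]$HideAppUIOnLaunch = 0,
        [ValidateRange(0, 1)][int]$ReinstallDriver = 0,
        [ValidateRange(0, 1)][int]$StrictEnforcement = 0,
        [switch]$Unattended
    )

    # --cloudName takes the lowercase cloud name without the domain suffix
    # (zscalertwo, not zscalertwo.net).
    if ($CloudName -cmatch '[A-Z.]') {
        throw "--cloudName must be lowercase with no suffix; got '$CloudName'."
    }
    # --strictEnforcement requires both --cloudName and --policyToken.
    if ($StrictEnforcement -eq 1 -and -not ($CloudName -and $PolicyToken)) {
        throw '--strictEnforcement 1 requires --cloudName and --policyToken.'
    }

    $installArgs = @()
    if ($CloudName)   { $installArgs += '--cloudName', $CloudName }
    if ($DeviceToken) { $installArgs += '--deviceToken', $DeviceToken }
    if ($PolicyToken) { $installArgs += '--policyToken', $PolicyToken }
    if ($UserDomain)  { $installArgs += '--userDomain', $UserDomain }
    if ($HideAppUIOnLaunch -eq 1) { $installArgs += '--hideAppUIOnLaunch', '1' }
    if ($ReinstallDriver -eq 1)   { $installArgs += '--reinstallDriver', '1' }
    if ($StrictEnforcement -eq 1) { $installArgs += '--strictEnforcement', '1' }
    if ($Unattended)  { $installArgs += '--mode', 'unattended' }
    return $installArgs
}

# Constructed sample values: the installer path and the token are placeholders.
$installer = 'C:\Deploy\zapp-installer.exe'
$zappArgs = New-ZappInstallArgs -CloudName 'zscalertwo' -PolicyToken '<policy-token>' `
    -StrictEnforcement 1 -Unattended

if (Test-Path -LiteralPath $installer) {
    Start-Process -FilePath $installer -ArgumentList $zappArgs -Wait
} else {
    # Dry run when the placeholder installer is absent: show the command line.
    Write-Output "Dry run: $installer $($zappArgs -join ' ')"
}
```

Device and policy tokens passed this way appear in the process command line, so keep deployment scripts and any logs that capture them restricted to administrators.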
The image below is an example of a command-line that uses all the available install options above, where:
This configuration can only be used if your organization's domain is registered on a single cloud. If your organization's domain is registered on multiple clouds, use the command-line install options described above.
This configuration achieves the same function as the --userDomain install option. The following guidelines apply:
To allow users to log into the app without entering domains: