Configuring Device Posture Profiles for ZPA

Configuring Device Posture Profiles for ZPA


The Device Posture feature is relevant only if your organization is using the Zscaler App for Private Access (ZPA).

The device posture profile is a set of criteria that a user’s device must meet in order to access applications with ZPA. You can select a device posture profile when configuring access policies or application group policies in the ZPA admin portal.

However, you must configure these device posture profiles in the Zscaler App Portal. For each posture profile you add, you must do one of the following:

  • Upload a valid certificate trusted by your users' systems. The certificate must be in Base-64 encoded PEM or CER format.
  • Specify a file path that can be found in your user’s system.

When a user requests an application through ZPA, the ZEN provides access only if the user has permission to the requested application and the user’s device meets the required posture profile -- in other words, the user's system trusts the certificate or has the file specified in the posture profile.

Configuration Instructions

  1. From the Zscaler admin portal, go to Policy > Zscaler App Portal.
  2. In the Zscaler App Portal, go to Administration from the top menu, then from the left menu, select Device Posture.
  3. Click Add Device Posture Profile to open the Add Device Posture window.

Configuration Instructions

  1. Name: Enter a name for the device posture profile.
  2. Platform: Select Windows or Mac or both.

    Note: If you select both, you can only select the certificate as your posture type. You will not be able to select a file path.

  1. Posture Type: Do one of the following.
  • Select Certificate from the dropdown menu and upload a certificate trusted by your organization's users. Zscaler accepts .pem and .cer files, and you can upload any one of the following:
    • A client certificate
    • An intermediate certificate
    • A certificate chain
    • A root CA certificate
  • Select FilePath from the dropdown menu and enter a file path that can be found on your users' systems. For example, you can enter C:\Program Files(x86)\Example\AV.txt.
  1. Add a Device Posture Description (optional).
  2. Click Save.
  3. As a last step, ensure that your users' systems are properly configured:
  • If using the certificate posture type, ensure your users' systems trust the certificate you uploaded for the device posture profile.  
  • If using the file path posture type, ensure your users' systems have the file in the correct location.