Customizing Zscaler App with Install Options (macOS)


Customizing Zscaler App with Install Options (macOS)

You can use the application package to manually install the Zscaler App on a device, or if you're deploying the app to your users via device management methods that support macOS devices. After downloading the Zscaler App package, you can deploy the file as is with your device management method.

You can also add install options to customize the app package for your organization using various command-line options.

Installing the Package with Command-Line Options

To install the package using macOS command-line options:

  1. Open the Applications folder.
  2. Open the Utilities folder.
  3. Double-click on the Terminal icon.
  4. Enter the following command:
sudo sh <complete path>/Contents/MacOS/installbuilder.sh <install options>

If your organization is provisioned on more than one cloud, your users are asked to select the cloud to which their traffic is sent during the enrollment process. See image.

Screenshot of selecting a cloud on the Zscaler App


With this install option, you can specify the cloud to which the app must send user traffic so that your users do not have to make the selection during enrollment. Do not use this option if your organization is provisioned on one cloud. The app will automatically send traffic to the proper cloud and your users do not need to make a selection during enrollment.

This install option is required if you enable the --strictEnforcement option.

To add this option using the command-line, enter --cloudName <organization's cloud name in lowercase>. For example, if your cloud name is zscalertwo.net, you would enter zscalertwo. To learn more, see What is my cloud name?

The --deviceToken install option only applies to Zscaler Internet Access (ZIA). It is not supported by Zscaler Private Access (ZPA).

This install option allows you to use the Zscaler App portal as an IdP. The Zscaler service will silently provision and authenticate users even if you don't have an authentication mechanism in place. Before adding this option, you must generate a device token in the Zscaler App portal and completed the full configuration detailed in Using the Zscaler App Portal as an IdP.

To add this option using the command-line, enter --deviceToken <device token from the Zscaler App portal>.

Screenshot of the device token from the Zscaler App Portal

This install option forces the app window to stay hidden before users enroll. Users can always open the window by clicking the app icon in the system tray.

To enable this option using the command-line, enter --hideAppUIOnLaunch 1. By default, the value is 0 (i.e., disabled).

This install option allows you to install the app in silent mode.

For macOS, if you add this option, the --unattendedmodeui option with a value of none is also required. To learn more, see --unattendedmodeui below.

To add this option using the command-line, enter --mode unattended

This install option allows you to specify which app profile policy you want to enforce for the app before the user enrolls. All relevant settings associated with the policy will apply, including the bypass of the IdP login page. Once the user enrolls, this policy is replaced with the app profile policy that matches the user based on group affiliation.

Prerequisites:

  • This install option is only applicable, and required, if you enable the --strictEnforcement option and want users to enroll with the app before accessing the Internet.
  • In the Zscaler App portal, you must configure the app profile policy that you want to enforce and ensure that the custom PAC file associated with that policy includes a bypass for your IdP login page. This allows the user to access the IdP page to log in as necessary before enrolling with the app.


To add this option using the command-line, enter --policyToken <policy token from the Zscaler App portal>.

Screenshot of the policy token from a Zscaler App Profile policy

This install option forces a reinstallation of the driver, even if you already have a driver installed. Use this option if you are having issues with the currently installed driver.

To enable this option using the command-line, enter --reinstallDriver 1. By default, the value is 0 (i.e., disabled).

This install option allows you to require users to enroll with the app before accessing the Internet.

If you enable this install option, the --cloudName and --policyToken options are required.

To enable this option using the command-line, enter --strictEnforcement 1. By default, the value is 0 (i.e., disabled).

This install option allows you to control what's displayed to users if you are performing an unattended installation of the app.

To add the install option using the command-line, enter --unattendedmodeui <value>, where <value> is one of the following:

  • none: Nothing is displayed to the user and no interaction is required. For macOS, if you included the mode --unattended install option, you also need to include --unattendedmodeui with a value of none.
  • minimal: A small progress bar showing installation progress is displayed to the user and no interaction is required.
  • minimalWithDialogs: More information is displayed to the user with some dialogs that require user interaction.

This install option allows users to skip the app enrollment page. (See image.) If SSO is enabled for your organization, users are taken right to your organization's SSO login page. If you've integrated SSO with the app, users can also skip the SSO login page and are automatically enrolled with Zscaler service and logged in.

To add the install option using the command-line, enter --userDomain <your organization's domain>.

Screenshot of the Zscaler App enrollment page and an organization SSO login page

The image below is an example of a command-line that uses all the available install options above, where:

  • The absolute path to the package file is /Users/Grace/Downloads/Zscaler-osx-1.2.0.000259-installer.app
  • The cloud on which the organization is provisioned is zscalertwo.net
  • The device token value is 123456789
  • The policy token value is 987654321
  • The organization's domain name is safemarch.com

Screenshot of an example of installing the Zscaler App package with a command line