You can use the application package to manually install the Zscaler App on a device, or if you're deploying the app to your users via device management methods that support macOS devices. After downloading the Zscaler App package, you can deploy the file as is with your device management method.
You can also add install options to customize the app package for your organization using various command-line options.
To install the package using macOS command-line options:
sudo sh <complete path>/Contents/MacOS/installbuilder.sh <install options>
If your organization is provisioned on more than one cloud, your users are asked to select the cloud to which their traffic is sent during the enrollment process. See image.
With this install option, you can specify the cloud to which the app must send user traffic so that your users do not have to make the selection during enrollment. Do not use this option if your organization is provisioned on one cloud. The app will automatically send traffic to the proper cloud and your users do not need to make a selection during enrollment.
This install option is required if you enable the --strictEnforcement option.
To add this option using the command-line, enter --cloudName <organization's cloud name in lowercase>. For example, if your cloud name is zscalertwo.net, you would enter zscalertwo. To learn more, see What is my cloud name?
This install option allows you to use the Zscaler App portal as an IdP. The Zscaler service will silently provision and authenticate users even if you don't have an authentication mechanism in place. Before adding this option, you must generate a device token in the Zscaler App portal and completed the full configuration detailed in Using the Zscaler App Portal as an IdP.
To add this option using the command-line, enter --deviceToken <device token from the Zscaler App portal>.
To enable this option using the command-line, enter --hideAppUIOnLaunch 1. By default, the value is 0 (i.e., disabled).
For macOS, if you add this option, the --unattendedmodeui option with a value of none is also required. To learn more, see --unattendedmodeui below.
To add this option using the command-line, enter --mode unattended
This install option allows you to specify which app profile policy you want to enforce for the app before the user enrolls. All relevant settings associated with the policy will apply, including the bypass of the IdP login page. Once the user enrolls, this policy is replaced with the app profile policy that matches the user based on group affiliation.
To add this option using the command-line, enter --policyToken <policy token from the Zscaler App portal>.
To enable this option using the command-line, enter --reinstallDriver 1. By default, the value is 0 (i.e., disabled).
If you enable this install option, the --cloudName and --policyToken options are required.
To enable this option using the command-line, enter --strictEnforcement 1. By default, the value is 0 (i.e., disabled).
To add the install option using the command-line, enter --unattendedmodeui <value>, where <value> is one of the following:
This install option allows users to skip the app enrollment page. (See image.) If SSO is enabled for your organization, users are taken right to your organization's SSO login page. If you've integrated SSO with the app, users can also skip the SSO login page and are automatically enrolled with Zscaler service and logged in.
To add the install option using the command-line, enter --userDomain <your organization's domain>.
The image below is an example of a command-line that uses all the available install options above, where: