You can force all users to reauthenticate on the Default Settings page (Administration > Authentication Settings > Default Settings).

Instead of forcing reauthentication, Zscaler recommends using SCIM provisioning for complete user lifecycle management.

The Force Reauthentication for all Users section shows the following information:

• Last Reauthentication: Displays the last time Force Reauthentication was completed.
• Force Reauthentication: Click Start to log out all users in your organization and force them to reauthenticate to the Zscaler service. This may take several minutes depending on the number of users in your organization. During this process, the Central Authority (CA) invalidates all authentication cookies for the users in your organization. When your users try to access the internet, the Zscaler service detects that their authentication cookies have expired, and as a result, the users must log in again.

This feature doesn't apply to users with Zscaler Client Connector.

• Reauthentication Status: Displays one of the following logout states.
  • Completed: The CA logged out all users successfully. The Last Reauthentication field updates the time accordingly.
  • In Progress: The CA is in the process of logging out all users.
  • Error: The CA failed to log out all users. Under Force Reauthentication, an error message displays explaining why the logout failed. You can click Retry after the error is addressed.

See image.

• None: Displays if you have never executed Force Reauthentication in the ZIA Admin Portal.