Zscaler App: Step-by-Step Configuration Guide


Zscaler App: Step-by-Step Configuration Guide

This guide takes you step-by-step through the configuration tasks you must complete to begin using the Zscaler App for your organization. Each step links you to the appropriate article for that configuration task.

A. Requirements

See below for system requirements and prerequisite tasks you must have completed before your organization can use the Zscaler App for the Zscaler Internet Access (ZIA) and Zscaler Private Access (ZPA) services.

  • Windows 7, 8, 8.1, or 10
  • Disk usage: 200 MB
  • Memory usage: 150 MB
  • Processor capable of running operating systems supported by the Zscaler App
  • Microsoft .NET Framework 4 and above
  • Whitelist Zscaler App processes and configure firewall bypasses. 


While Zscaler has whitelisting agreements for the Zscaler App in place with specific endpoint protection vendors such as Trend Micro and Kaspersky Labs, for some endpoint protection products like anti-virus and personal firewall, you might need to perform additional whitelisting to ensure full Zscaler App functionality. To learn more, see What Zscaler App processes should I whitelist?

  • Mac OS X 10.10 and later.
  • Disk usage: 200 MB
  • Memory usage: 150 MB
  • Processor capable of running operating systems supported by the Zscaler App
  • If you are using Tunnel mode in your forwarding profile, ensure that you disabled the system firewall.
  • Whitelist Zscaler App processes and configure firewall bypasses.


While Zscaler has whitelisting agreements for Zscaler App in place with specific endpoint protection vendors such as Trend Micro and Kaspersky Labs, for some endpoint protection products like anti-virus and personal firewall, you might need to perform additional whitelisting to ensure full Zscaler App functionality. To learn more, see What Zscaler App processes should I whitelist?

  • Configure appropriate security and access settings in the Zscaler admin portal.
  • You must have one of the following for authentication:
  • Configure your organization's firewall to allow the necessary connections. For detailed information about the traffic your firewalll must allow, go to https://ips.<Zscaler cloud>/zscaler_app. For example, if your cloud name is zscalertwo.net, you would go to https://ips.zscalertwo.net/zscaler_app. To learn more, see What is my cloud name?
  • If you want to enable SSL inspection for users running the Zscaler App, enable SSL scanning for mobile traffic in the admin portal (see Define your policy for SSL inspection). Additionally, when you configure your App Profile, you must ensure that the Install Zscaler SSL Certificate option is turned on.
  • Configure appropriate security and access settings in the ZPA admin portal.
  • SAML-based authentication must be configured and users provisioned. You cannot use the Zscaler App portal as an IdP for the ZPA service.
  • To ensure the Zscaler App properly processes traffic for ZPA, ensure the following domains are in the SSL bypass list. If you use a PAC file for Zscaler App, you must add the URLs to the SSL bypass list in the PAC file as well. 
    • api.zscalerconnect.net
    • api.zscalershift.net
    • broker.prod.zpath.net
    • samlsp.private.zscaler.com
    • Any domains used by your organization's identity provider (IdP), for example, example.okta.com.

B. Configure Administration Settings

  1. Configure an Acceptable Use Policy (AUP)
  2. Configure app update settings
  3. Configure forwarding profiles
  4. Configure support settings
  5. Configure fail-open settings
  6. For ZIA, if necessary, configure settings to use the Zscaler App portal as your IDP
  7. For ZPA, if necessary, configure device posture profiles

C. Configure App Profiles

Configure app profiles for Windows and macOS computers.

D. Download the Zscaler App

Download the app from the Zscaler App portal.

E. Prepare the Installer File with Preferred Installer Options

Before installing the app, you can add install options to customize the app for your organization.

F. Install the Zscaler App

You can install the app manually on individual computers, or you can use your organization's device management mechanism to deploy the app to your users' devices. If you are deploying the app in an Active Directory (AD) environment using GPO, see Deploying the Zscaler App for Windows with Active Directory.

Once the app is installed on users' devices, users can enroll with Zscaler. During enrollment, the app will download the appropriate app profile and administrative settings as configured in the Zscaler App portal.

G. Zscaler App System Location

To learn where the app is installed on users' Window or macOS devices, see the following articles:

For more information about managing the app and in-app features, see About the Zscaler App PortalUsing the Zscaler App: Windows, and Using the Zscaler App: macOS.