icon-zslogin.svg
ZIdentity

Managing Device Groups

Users can access the Zscaler services through various devices. For example, one user can have two devices, one personal and one employer-provided. The personal device can be enrolled in Zscaler Internet Access (ZIA), and the employer-provided device can be enrolled in ZIA and Zscaler Private Access (ZPA). As a ZIdentity admin, you can control or restrict the devices that are used to access the Zscaler services (ZPA, ZIA, ZDX, etc.) and ensure that only users on authorized devices can enroll in Zscaler services.

To manage device group restrictions:

  1. Go to Administration > Entitlements > Service.

  2. On the Service Entitlements page, click the required Zscaler service (e.g., Zscaler Internet Access).

    The list of service entitlementsClose

    The Zscaler Internet Access - Service page appears.

  3. In the top-right corner, click Manage > Device Group Restrictions.

  4. In the Manage Device Group Restrictions window, select the toggle for Enable Device Group Restrictions.

    The list of registered device IDs is displayed.

    An administrator who can access the ZIdentity service entitlements but does not have permissions to view the device groups can only see whether the Enable Device Group Restrictions option is enabled or not, but cannot change the setting.

  5. Select the devices that must be allowed to access the Zscaler service.

  6. Click Save.

    Users can access the Zscaler service from their registered device.

Related Articles
About Administrative EntitlementsAbout Service EntitlementsAssigning Entitlements to UsersManaging EntitlementsManaging Device Groups