Client Connector
Deploying Zscaler Client Connector with Workspace ONE UEM for Android
This guide is for admins only. If you are an end user, contact your organization’s administrator for deployment-related details.
With Workspace ONE Unified Endpoint Management (UEM), you can configure and deploy Zscaler Client Connector for Android devices by pushing the app:
- From Google Play with Android Enterprise enabled
- From Google Play without Android Enterprise enabled
- As an APK file
If you deploy Zscaler Client Connector from Google Play with Android Enterprise enabled, you can preconfigure Zscaler Client Connector with parameters. This allows you to simplify the Zscaler Client Connector enrollment process for your users. But, if you deploy Zscaler Client Connector from Google Play without Android Enterprise enabled or as an APK file, you cannot preconfigure Zscaler Client Connector.
The version used for the following steps is Workspace ONE UEM 20.7.0.0 (2007).
- Deploying Zscaler Client Connector from Google Play
To deploy Zscaler Client Connector to Workspace ONE UEM for Android devices from the Google Play Store:
- In the Workspace ONE UEM portal, go to Apps & Books > Applications > Native > Public and then click Add Application.
- On the Add Application page, configure the following options, and then click Next.
- Managed By: Enter Zscaler.
- Platform: Select Android from the Platform drop-down menu.
- Source: Click Search App Store.
- Name: Enter
Zscaler Client Connector.
- Select Zscaler Client Connector from the Google Play store.
- Click Approve to review and accept Zscaler Client Connector permissions.
- Select Keep approved when app requests new permissions to automatically approve all future updates to the app.
- Click Select to select Zscaler Client Connector from the Google Play store.
- On the Details tab, enter
Zscaler Client Connectorin the Name field, and then click Save & Assign. Zscaler Client Connector is added to your Workspace ONE UEM portal.
- Select Zscaler Client Connector for the Android platform from the Workspace ONE UEM portal, and then click Assign.
- On the Zscaler Client Connector - Assignment page, click Add Assignment and then click Save.
- On the Distribution tab, configure the following options and then click Create.
- Name: Enter
Zscaler Client Connector. - Description: Enter a relevant description for the app.
- Assignment Groups: Select a group for which you want to assign the app.
- App Delivery Method: Select the app delivery method as Auto or On-Demand based on your requirements.
- Pre-release Version: Select None from the drop-down menu.
- Name: Enter
- (Optional) On the Application Configuration tab:
If you have Android Enterprise enabled, you can use parameters to preconfigure Zscaler Client Connector. Preconfiguring Zscaler Client Connector allows you to remove steps from the user enrollment process (e.g., allowing users to skip the enrollment page or the cloud selection prompt on Zscaler Client Connector).
- Enable Send Configuration.
- The following parameters are available to configure:
- userDomain: Your organization’s domain name (e.g.,
safemarch.com). If your instance has multiple domains associated with it, enter the primary domain for your instance. - cloudName: The name of the cloud on which your organization is provisioned. For example, if your cloud name is zscalertwo.net, you would enter
zscalertwo. To learn more, see What is my cloud name for ZIA? - deviceToken: The appropriate device token from the Zscaler Client Connector Portal, if you want to use the Zscaler Client Connector Portal as an IdP.
- userName: The username for the user. For example, if the username is j.doe@zscaler.com, enter
j.doe. - enableFips: Enabling this option indicates that Zscaler Client Connector uses FIPS-compliant libraries for communication with Zscaler infrastructure. Enter
1to enable or0to disable this option.
Enable this option only if you require FIPS-level security within your organization.
- Ownership: If you use the Ownership Variable device posture type, add the key
Ownership. You can enter up to 32 alphanumeric characters in the Configuration value field. To learn more, see Configuring Device Posture Profiles for ZPA. - autoEnrollWithMDM: Use this parameter to determine auto-enrollment without user interaction, when using the Zscaler Client Connector Portal as an IdP. Select from the following options:
- Enter
0to disable auto-enrollment. - Enter
1to have users always auto-enroll, even if they log out. - Enter
2for one-time auto-enrollment.
- Enter
This option applies to only the ZIA-enabled accounts that are using Zscaler Client Connector Portal as an IdP. You must specify the parameters deviceToken, cloudName, and userDomain before enabling the autoEnrollWithMDM option.
- customDNS: By default, Zscaler Client Connector uses the device's DNS server. You can change the value to another DNS server using this setting. Enter the DNS IP address.
- allowRunningOnRootedDevice: This is set to 0 by default to restrict users from running Zscaler Client Connector on a rooted device. Enter
1to allow users to run Zscaler Client Connector on a rooted device. - externalDeviceId: Use this ID to associate devices in an MDM solution with devices in the Zscaler Client Connector Portal. By default, the value is 0. Enter a custom value to identify the device.
- Click Create.
- On the Zscaler Client Connector - Assignment page, review the values and settings entered, and then click Save. Zscaler Client Connector is pushed to the devices in the group that you selected.
After Zscaler Client Connector is installed on users’ devices, they must launch the app and log in to enroll in the Zscaler service.
Close - Deploying Zscaler Client Connector as an APK file
To deploy Zscaler Client Connector to Workspace ONE UEM for Android devices as an APK file:
- From the Zscaler Client Connector Portal, go to Administration > Client Connector App Store and download the Zscaler Client Connector APK file from the Registered Devices tab.
Contact Zscaler Support to enable the APK file link.
- On the Workspace ONE UEM portal, go to Apps & Books > Applications > Native > Internal and then click Add. Select Application File from the drop-down menu.
- On the Add Application page:
- Organization Group ID: Enter
Zscaler. - Application File: Click Upload.
- On the Add page, select Choose File to upload Zscaler Client Connector APK file from your local file, and then click Save.
- Click Continue on the Add Application page.
- On the Details tab, configure the following options, and then click Save & Assign.
- Name: Enter
Zscaler Client Connector. - Minimum OS: Select Android 8.0.
- Name: Enter
The minimum operating system for Android on ChromeOS is Android 6.0.
- On the Zscaler Client Connector - Assignment page, click Add Assignment.
- On the Distribution tab, configure the following options, and then click Create.
- Name: Enter
Zscaler Client Connector. - Description: Enter a relevant description for the app.
- Assignment Groups: Select a group for which you want to assign the app.
- Deployment Begins: Set a date and a time for the deployment to start based on your requirements.
- App Delivery Method: Select the app delivery method as Auto or On Demand based on your requirements.
- On the Zscaler Client Connector - Assignment page, review the values and settings entered, and then click Save. Zscaler Client Connector is pushed to the devices in the group that you selected.
After Zscaler Client Connector is installed on users’ devices, they must launch the app and log in to enroll in the Zscaler service.
Close