icon-zapp.svg
Client Connector

Enabling Zscaler Deception for Device Groups

You can use Zscaler Service Entitlement to enroll Device Groups in Zscaler Deception. Configuring Deception for device groups allows you to assign entitlements and policy settings based on ownership through device posture profiles. For example, one user can have two devices, one personal and one employer-provided. The personal device can be enrolled in Deception and the employer-provided device can be enrolled in Deception and Zscaler Private Access (ZPA).

To enable Zscaler Deception for device groups, you must install Zscaler Client Connector for Windows 3.9 or later.

Enabling Zscaler Deception for Device Groups

To enable Zscaler Deception for device groups:

  1. In the Zscaler Client Connector Portal, go to Administration.
  2. In the left menu, select Zscaler Service Entitlement.
  3. Click the Zscaler Deception (Deception) tab.
  4. To enable Deception for device groups, ensure that Zscaler Deception Enabled by Default is disabled. If this setting is enabled, Deception is available for all users and you cannot assign Deception to a device group.
  5. Select one or more groups from the Device Groups drop-down menu.

Groups are defined in the Device Groups section in the Zscaler Client Connector Portal under Administration. For more information, see About Device Groups.

  1. Select Logout Zscaler Client Connector when Zscaler Deception Entitlement is Enabled to automatically log users out of Zscaler Client Connector when Deception is enabled for a device group. Users can then log in again to enable the Deception service. This applies to customers using ZPA only. When not enabled, Zscaler Client Connector runs without the Deception service until the next Zscaler Client Connector login.

Enable ZDX for Device Groups

  1. Click Save.

Your users’ devices are updated the next time they connect. If users are already connected, devices automatically update in 60 minutes. Users can manually update their devices in Zscaler Client Connector. On the More page, click Update Policy. After manually refreshing the device, they must reauthenticate on the Private Access page.

Related Articles
About Zscaler Service EntitlementEnabling ZPA for a Group of UsersConfiguring ZPA Machine Tunnel for AllEnabling ZDX for All UsersEnabling ZDX for a Group of UsersEnabling Deception for a Group of UsersAbout Device GroupsCreating Device GroupsSearching for Device GroupsEnabling ZPA for Device GroupsEnabling Zscaler Deception for Device GroupsEnabling ZDX for Device GroupsEnabling ZIA for Device Groups