To enable the CLI for Windows devices:

1. In the Zscaler Client Connector Portal, go to App Profiles. To learn more, see Configuring Zscaler Client Connector Profiles.
2. Click Add Windows Policy.
3. In the Command Line Interface Access section, enable the Command Line Interface.

4. (Optional) In the Disable Services section, enable Disable ZPA Password to require a password when disabling the ZPA service using the CLI.

   If enabled, a Generate ZPA Disable Password option appears.

   The ZPA service is the only service that can require a password. The Zscaler Internet Access (ZIA) and Zscaler Digital Experience (ZDX) services cannot require a password.

   

To enable the CLI for macOS devices:

1. In the Zscaler Client Connector Portal, go to App Profiles. To learn more, see Configuring Zscaler Client Connector Profiles.
2. Click Add macOS Policy.
3. In the Command Line Interface Access section, enable Command Line Interface.

4. (Optional) In the Disable Services section, enable Disable ZPA Password to require a password when disabling the ZPA service using the CLI.

   If enabled, a Generate ZPA Disable Password option appears.

   The ZPA service is the only service that can require a password. The Zscaler Internet Access (ZIA) and Zscaler Digital Experience (ZDX) services cannot require a password.

   

To use CLI for Windows devices:

1. Start a command prompt as an administrator.
2. Use one of the following file paths, depending on your Windows system version:
   • For 64-bit: C:\Program Files\Zscaler\ZSACli\ZSACli.exe <command>
   • For 32-bit: C:\Program Files (x86)\Zscaler\ZSACli\ZSACli.exe <command>

3. Replace <command> with one of the following commands and press Enter.

   Command	Result	Notes
   enable -s zpa	Turn on ZPA.	If you are enabling ZPA for a partner tenant, add -u <partner username> after zpa. Can be run five or fewer times per minute.
   disable -s zpa	Turn off ZPA.	If you enabled Disable ZPA Password and generated a password in app profiles, add -p <disable password> after zpa. Example: ZSAcli.exe disable -s zpa -p <disable password> Can be run three or fewer times per minute.
   status -s <service>	Display the status in a JSON format of the entered service, or for all services if you enter all.	Possible values for <service>: zia (indicates Zscaler Internet Access) zpa (indicates Zscaler Private Access) zdx (indicates Zscaler Digital Experience) deception (indicates Zscaler Deception zep (indicates Anti-Tampering) all (indicates all services)
   help	Displays help information about the CLI arguments.	N/A

   If a message displays indicating that the CLI is disabled from the policy, enable the Command Line Interface option in the app profile.

To use CLI for macOS devices:

1. Start a command prompt as an administrator.

2. Use the following file path:

   /Applications/Zscaler/Zscaler.app/Contents/PlugIns/zscli

3. Replace <command> with one of the following commands and press Enter.

   Command	Result	Notes
   enable -s zpa	Turn on ZPA.	If you are enabling ZPA for a partner tenant, add -u <partner username> after zpa. Can be run five or fewer times per minute.
   disable -s zpa	Turn off ZPA.	If you enabled Disable ZPA Password and generated a password in app profiles, add -p <disable password> after zpa. Example: zscli disable -s zpa -p <disable password> Can be run three or fewer times per minute.
   status -s <service>	Display the status in a JSON format of the entered service, or for all services if you enter all.	Possible values for <service>: zia (indicates Zscaler Internet Access) zpa (indicates Zscaler Private Access) zdx (indicates Zscaler Digital Experience) zdp (indicates Endpoint Data Loss Prevention) all (indicates all services)
   help	Displays help information about the CLI arguments.	Possible examples for help: zscli -h zscli enable -h zscli disable -h zscli status -h

   If a message displays indicating that the CLI is disabled from the policy, enable the Command Line Interface option in the app profile.