Customizing Zscaler App with Install Options (Mac)

You can use the application package to manually install the Zscaler App on a device, or if you're deploying the Zscaler App to your users via device management methods that support Mac devices.

After downloading the Zscaler App package, you can simply install the file as is.

You can also install the Zscaler App with various command line options to customize the Zscaler App for your organization. See below for instructions.

Install the Package with Command-Line Options

You can add options in Mac with the following steps:

  1. Open the Applications folder.
  2. Open the Utilities folder .
  3. Double-click on the Terminal icon.
  4. Enter the command below followed by the options you want:

The image below is an example of a command line that uses all the available options above, where:

  • The package file location is /Users/Grace/Downloads/Zscaler-osx-1.2.0.000259-installer.app
  • The cloud on which the organization is provisioned is zscalertwo.net
  • The device token value is 123456789
  • The policy token value is 987654321
  • The organization's domain name is safemarch.com

The image has been annotated to show the different components.

Install the Package with Command-Line Options

cnm

If your organization is provisioned on more than one cloud, during the enrollment process, your users are asked to select the cloud to which their traffic is sent. See image.

With this install option, you can specify the cloud to which the App must send user traffic so that your users do not have to make the selection during enrollment. Do not use this option if your organization is provisioned on one cloud. The Zscaler App automatically sends traffic to the right cloud and your users do not encounter this step.

NOTE: This install option is required if you enable the --strictEnforcement option.

To add the option, enter --cloudName <your organization's cloud name in lowercase letters>. See What is my cloud name? to learn how to find your cloud name.

Example (where an organization's cloud is zscalertwo.net):

--cloudName zscalertwo

cnmac

cnmac

dtm

This allows you to use the Zscaler App Portal as an IdP. With this option, Zscaler can silently provision and authenticate users even if you don't have an authentication mechanism in place.

NOTE: Before adding this option, you must have generated the device token in the Zscaler App Portal and completed the full configuration detailed in Using the Zscaler App Portal as an IdP. See image below.

To add the option, enter --deviceToken <appropriate device token from the Zscaler App Portal>. You must obtain the appropriate device token from the Zscaler App Portal. See image below.

Example (where device token is 123456789):

--deviceToken 123456789

dtm

haum

This forces the Zscaler App window to stay hidden before users enroll with the App. Users can always open the window by clicking the Zscaler App icon in the system tray.

To add this option, enter --hideAppUIOnLaunch 1

mm

This allows you to install the Zscaler App in silent mode.

To add this option, enter --mode unattended

Note, for Mac, if you add this option, you must also add the unattendedmodeui option with the value none.

ptm

This install option is only applicable (and required) if you enable --strictEnforcement and want users to enroll with the Zscaler App before accessing the Internet. This option allows you to specify which App Profile policy you want to enforce for the App before the user enrolls. All relevant settings associated with the policy will apply, including the bypass of the IdP login page. Once the user enrolls, this policy is replaced with the App Profile policy that matches the user based on group affiliation.

NOTE:

  • In the Zscaler App Portal, you must have configured the App Profile policy that you want to enforce and ensured that the custom PAC file associated with that policy includes a bypass for your IdP login page. This allows the user to access the IdP page to log in as necessary before enrolling with the Zscaler App. Once you configure an App Profile policy, the Zscaler App Portal automatically generates a policy token. You must use this policy token as the value for this option (see image below).

To add the option, enter --policyToken <policy token from the Zscaler App Portal>. Note that you must also add --strictEnforcement 1 and --cloudName <your organization's cloud name in lower case letters>.

Example (where policy token is 123456789 and the cloud is zscalertwo.net):  --strictEnforcement 1 --policyToken 123456789 --cloudName zscalertwo

ptm

rdm

This forces a reinstallation of the driver, even if you already have a driver installed. Use this option if you are having issues with the currently installed driver.

To add this option, enter the following: --reinstallDriver 1

se

This allows you to require users to enroll with the Zscaler App before accessing the Internet.

NOTE: Adding this install option requires that you provide values for --cloudName and --policyToken options as well. See more about the --policyToken and --cloudName options above.

To add this option, enter --strictEnforcement 1 --policyToken <policy token from the Zscaler App Portal> --cloudName <your organization's cloud name in lower case letters>

Example (where policy token is 123456789 and the cloud is zscalertwo.net):  --strictEnforcement 1 --policyToken 123456789 --cloudName zscalertwo

umi

This allows you to control what's displayed to users if you are performing an unattended installation of the Zscaler App.

To add this option, enter the following: --unattendedmodeui <none, minimal, or minimalWithDialogs>, where:

  • none: Nothing is displayed to users and no interaction is required. If you add a mode --unattended option (see above), you must also add this option with the value none to ensure nothing is displayed to users.
  • minimal: Very little is displayed to the user (for example, a small progress bar showing installation progress).
  • minimalWithDialogs: More information is displayed to the user with some dialogs that require user interaction.

Example: --unattendedmodeui none

udm

This allows users to skip the Zscaler App enrollment page (see image). Users are taken right to your organization's SSO login page.

NOTES:

  • SSO must be enabled for your organization.
  • If you've integrated your SSO with the Zscaler App (using a mechanism like Integrated Windows Authentication (IWA)), users can also skip the SSO login page and are automatically enrolled with Zscaler service and logged in.

To add this option, enter the following: --userDomain <your organization's domain>

Example (where organization's domain name is zscaler.com): --userDomain zscaler.com

udmi3

udmi3