Deploy Zscaler Client Connector using SOTI MobiControl

Publish Date: SOTI MobiControl
63

Summary

Learn how to deploy Zscaler Client Connector using SOTI MobiControl. This article explains how to enroll scanning devices and automate device-specific certificate deployment for use with Zscaler Client Connector.

Related SOTI ONE Platform Products

SOTI MobiControl

Related Device OS

Android Enterprise

Process Description

Prerequisites

Before you begin, ensure the following requirements are met:

  • Public Key Infrastructure (PKI): A Certificate Authority (CA) is required to issue certificates. This can be Microsoft Active Directory Certificate Services (AD CS) or another provider that supports SCEP (Simple Certificate Enrollment Protocol).
  • Configured environments: Your Zscaler account and SOTI MobiControl console are set up and accessible.
  • Permissions: You have administrative permissions in both Zscaler and SOTI MobiControl.

A. Configure SOTI MobiControl for user certificates

Configure SOTI MobiControl to request and manage certificates for device authentication.

Configure a Certificate Authority

  1. In the SOTI MobiControl Administration Utility, go to Certificates.
  2. Create a Certificate Authority (CA) profile that connects to your PKI.
  3. For ADCS, specify the certificate enrollment web service and policy web service URLs.
  4. Save the profile.

Create a certificate policy

  1. Create a new certificate policy using the configured CA.
  2. Select the appropriate certificate template.
  3. Define certificate properties, such as:
    • Subject name format (for example, UPN or email address)
    • Key usage (for example, client authentication)

Deploy the certificate policy

  1. Assign the certificate policy to device groups or individual devices.
  2. SOTI MobiControl automatically requests and installs a unique certificate on each device.

B. Configure Zscaler to trust user certificates

Configure Zscaler to trust certificates issued by your CA.

Export the root CA certificate

  1. Export the root CA certificate from your PKI.

Upload the certificate to Zscaler

  1. In the Zscaler Admin Portal, go to Administration > Authentication Settings > Endpoint Integration.
  2. Create or edit a device posture profile.
  3. Enable Server Validated Client Certificate.
  4. Upload the root CA certificate.

C. Deploy Zscaler Client Connector using SOTI

After the certificate configuration is complete, deploy the Zscaler Client Connector app.

Add the app to SOTI MobiControl

  1. Download the Zscaler Client Connector installer for your platform (for example, Android or Windows).
  2. Add the installer to the SOTI MobiControl app repository.
  3. Configure installation settings to support certificate-based authentication.

Assign and install the app

  1. Create an application policy to deploy the app to target device groups.
  2. Assign the policy.

When the app installs, the previously deployed certificate is already available on the device and is used for authentication.

Was this helpful?