Zscaler Client Connector — version history

* Fixes an issue on iOS 26 where Zscaler Client Connector remained stuck in an authentication loop while authenticating through an SSO extension for several minutes before completing sign-in. * Fixes an issue where devices connected to IPv6-only networks and in tenants without the IPv6 feature enabled for Zscaler Client Connector fell back to Zscaler Tunnel (Z-Tunnel) 1.0, because the QUIC drop policy wasn't applied. * Fixes an issue where after a device reboot on a cellular-only network, traffic intermittently failed to route through the Zscaler Internet Access (ZIA) tunnel. * Fixes an issue where Zscaler Client Connector displayed the message Invalid MDM Config, when Zscaler Digital Experience (ZDX) remained stuck in a connecting state due to an incorrect management device management (MDM) configuration.

* Supports ZIdentity integration for the following features: using one-time passwords (OTPs), using device group-based app profiles, the assignment of service entitlements based on device posture, quarantining devices, displaying the service disable reason, and force-removing devices. * Supports end user migration to ZIdentity, including a new Migration Status filter on the Device Management page and the Platform Details page to help track the device migration progress. To learn more, see Migrating End Users to ZIdentity. * Provides separate per-device OTPs for the logout function and Disable ZIA, Disable ZPA, and Disable ZDX services. * Updates the External Device ID field, displayed in the Zscaler Client Connector Registered Devices page in Enrolled Devices, upon a change by the Mobile Device Management (MDM). * Enables admins to configure an early reauthentication notification for end users before Zscaler Private Access (ZPA) applications expire and allows users to authenticate before ZPA applications expire. To learn more, see Configuring Zscaler Client Connector App Profiles. * Adds the ability to display a custom notification to users who attempt to access the internet when in Strict Enforcement mode. * Supports device group-based app profiles in the Zscaler Client Connector Portal. * Disables captive portal notifications based on the disableCaptivePortalNotification parameter in the Mobile Device Management (MDM) VPN configuration. * Fixes an issue where strict enforcement failed to apply PAC file bypasses after a device reboot, requiring users to update the policy as a workaround. * Fixes an issue where internet connectivity was lost after a device reboot when ZPA was disabled in a per-app VPN configuration for ZPA and Zscaler Internet Access (ZIA). * Fixes an issue for ZPA Private Service Edge deployments only where the Certificate Trust posture check appears to have failed because Zscaler Client Connector took too long to send the posture evaluation results to the ZPA Private Service Edge.