Monitor and Troubleshoot the Zero Trust Access App from Mobile Devices

This topic applies to client-based zero trust access connections from iOS devices and Samsung devices running Android operating systems.

Monitor Activity

After a mobile device begins to access private resources, you can monitor that activity:

  • To view details about the enrolled device including, app version, client version and sync / enrollment dates:
    Navigate to Connect > Users and Groups page and click the user enrolled in the mobile app.
  • To view access logs:
    Navigate to Monitor > Activity Search. To filter the view, click on ‘ZTNA client-based' on the top right side of the table and select an appropriate time window.
    • iOS access logs will have ‘apple-ios’ in the OS column.
    • Android access logs will have 'samsung-android' in the OS column.

General Troubleshooting

Make sure the device is running a supported and permitted operating system, as configured in the endpoint posture profile configured in the applicable access rule.

The Zero Trust Access: User Authentication Interval setting in access rules does not apply to mobile devices.

Troubleshoot iOS Devices

To troubleshoot enrolled iOS devices:

  • Confirm that the Zero Trust Access relay configuration was added:
    • On the device, go to Settings > VPN & Relays.
    • In the Per-App Relays section, Zero Trust displays.
    • To view information about the Zero Trust relay configuration, click the (i) icon. 
  • Confirm that Zero Trust Access logs are available:
    • In the Zero Trust Access application, go to Settings.
    • Choose Troubleshooting.
  • Confirm that the sync configurations and user unenrollment page displays:
    • In the Zero Trust Access application, click the status frame.

Troubleshoot Samsung Devices Running Android OS

  • To send logs from the Android device:
    From the home screen, tap Settings > Send Logs
  • To enable verbose logging:
    From the home screen, tap Settings, enable verbose logging, and restart the device.
  • To sync configurations:
    From the home screen, tap 'You’re enrolled’ > ‘Sync now’
  • To unenroll the user:
    From the home screen, tap 'You’re enrolled’ > ‘Unenroll’
  • To view ZTA statistics:
    From the home screen, tap 'You’re enrolled’ and scroll to the ‘General’ section
  • If a Cisco support representative requests certificate information:
    From the home screen, tap 'You’re enrolled’ and scroll to ‘Certificate’ section

Troubleshoot access issues

If users are unexpectedly blocked or allowed access to resources, see Troubleshoot Private Access Rules.


Set up the Zero Trust Access App for Android on Samsung Devices Devices < Monitor and Troubleshoot the Zero Trust Access App from Mobile Devices > Get Started with Cisco Secure Client on Windows and macOS Devices