The docs describe a number of concepts and configuration methods quite well, and through manual interaction with the desktop app I can see a power user with a work instruction being able to use it, but is there a typical deployment method for general end users/a business-suitable deployment?
The requirement would be to wrap up the desktop agent (ZDEW) with an installer script and be able to automatically deploy to users via an MDM, and have the agent working/services accessible once a user hits their desktop.
The Third Party CA method looks promising - issue an x509 device or user auth cert through enterprise PKI to managed devices and have clients self-register - since this is similar to how many VPNs are deployed and scales well.
However, the docs for the Windows agent only show GUI methods for importing the cert (no guidance on how to automatically do so from an install script) - and it appears the agent can't use the Windows cert store/certs anyway - which prevents accessing most enterprise/MDM-deployed certs?
SSO using OIDC is the other option presented in the docs; however, it seems the URL also needs to be manually set through the GUI, and also that signing in is a manual task for the user (not seeing an option to silently/automatically log the user in using i.e. their Entra PRT or similar).
Is there an intended architecture/method in OpenZiti to have an agent deployable and 'ready to go' from an MDM for widespread use, or any docs regarding pre-configuring the agent at all (registry keys, command references or an ADMX)? Or is the focus of the project more targeted at supporting developers/power users only?