You may see a message like “The signed in user <username>@<non-organization email domains> is not assigned to a role for the application”. This error can occur for either the Zscaler ZIA or ZPA Enterprise Application (Azure AD) when the user is using their own company’s Windows account on their machine.
Remove any account listed under Windows settings > Accounts > Access work or school (check whether any ID is present), because ZCC will try to use the account present there.
But there is a catch: the entry should look similar to the one shown in the screenshot below:
If you see this, you can proceed to do the following:
Click “Disconnect” to dissociate any Windows account.
Get users to log in with their assigned emails to test whether login is successful.
Otherwise, if you see what is shown in the screenshot below, you cannot apply the solution above, because it would leave the user unable to log in to the laptop at all.
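A way to tell the two cases apart before clicking “Disconnect”, as an added example that is not part of the original page: the PowerShell below reads the join state from `dsregcmd /status`. It assumes (the page does not state this) that the first case is a registered work account and the second is an Azure AD joined device; the function names and the sample output are constructed for illustration.

```powershell
# Added example (not from the original page). Function names are hypothetical.
# Parses the YES/NO join flags printed by the built-in `dsregcmd /status` command.
function Get-JoinState {
    param([string[]]$StatusLines = (dsregcmd.exe /status))
    $state = @{ AzureAdJoined = $false; DomainJoined = $false; WorkplaceJoined = $false }
    foreach ($line in $StatusLines) {
        if ($line -match '^\s*(AzureAdJoined|DomainJoined|WorkplaceJoined)\s*:\s*(YES|NO)\s*$') {
            $state[$Matches[1]] = ($Matches[2] -eq 'YES')
        }
    }
    return $state
}

# Maps the join state to the two situations the page describes.
# Assumption: AzureAdJoined = YES is the case where disconnecting blocks Windows sign-in.
function Get-DisconnectAdvice {
    param([hashtable]$State)
    if ($State.AzureAdJoined) {
        return 'Device is Azure AD joined: the Windows sign-in depends on this account, do not disconnect it.'
    }
    if ($State.WorkplaceJoined) {
        return 'A work or school account is registered: it can be disconnected under Access work or school.'
    }
    return 'No work or school account found: nothing to disconnect here.'
}

# Constructed sample output (trimmed) so the example runs on any machine.
$sample = @(
    '|  Device State  |',
    '             AzureAdJoined : NO',
    '          EnterpriseJoined : NO',
    '              DomainJoined : NO',
    '|  User State  |',
    '           WorkplaceJoined : YES'
)

Get-DisconnectAdvice -State (Get-JoinState -StatusLines $sample)

# On the affected laptop, omit -StatusLines to query the live state:
# Get-DisconnectAdvice -State (Get-JoinState)
```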
If step 1 did not work for you, try adding an email account here as shown below; this might trigger ZCC to ask for another account: