I want to build the environment that can be accessible without ZT client. The occasional users should be able to create the manual VPN connection from MacOS accessing the „Add VPN configuration” under built-in OS settings.
Unfortunately, there is no option for ZT clients for them their laptops, routers, virtual machines or similar.
I saw that business type of account have VPN functionality in place, however for four 24/7 devices and two occasional users the business type account seems to be too much.
Ultimately, ZeroTier is software and has to be installed somewhere. Even the Business SSO that you referenced still requires the client to be installed on user’s machine. This is because ZT is not a traditional VPN that is built directly into the usual Operating Systems like IPSec, L2TP, etc… It uses clever software to securely stretch Layer 2 network traffic across a routed infrastructure.
To accomplish what you’re currently wanting, Apple/Microsoft/Linux/Etc… would need to add ZT as part of the base OS install, which is unlikely to happen.
It sounds like your organizations current IT Posture won’t allow the use of third party VPNs anywhere within the environment, so either that posture needs to be relaxed, or you’ll need to look into existing VPN solutions that are currently on your system.