Ang mga gumagamit ay ang ZAP na mga representasyon sa mga website/mga webapp sa mga gumagamit. Pinayagan nila ang ilang mga aksyon na isinagawa mula sa pananaw ng isang gumagamit ng mga webapp. For each Context, a set of Users can be defined, which can then be used in actions related to the context. Most commonly, during various scans the request messages can be sent from the point of view of a User.

The concept of Users is tightly tied to the concepts of Session Management and Authentication. When a User is first used somewhere in ZAP, an authentication is performed (according to the Authentication Method defined for the Context) and a Session is created and configured for this user (according to the Session Management defined for the Context). After that, requests sent from the point of view of a User are modified (if necessary) and sent in such a way that the web server identifies them as being sent by an authenticated webapp/website user. If anytime a message is sent from the perspective of a User and the response received seems unauthenticated (as identified using the Logged In and Logged Out Authentication indicators), a new authentication is performed and the Session is updated accordingly.

In order to perform the authentication of a user on a website / in a webapp, the Authentication Method defines how the authentication is done (the process), while the necessary credentials (the exact identifiers) are dependent on the user, so, in ZAP, they are configured in the Users.

Session Contexts Dialog

	Youtube tutorial	of the Authentication, Session Management and Users Management features of ZAP [external link to https://youtu.be/cR4gw-cPZOA].
	Authentication Overview	for an overview of Authentication in ZAP
	UI Overview	for an overview of the user interface
	Features	provided by ZAP
	Session Contexts Dialog	for an overview of the Session Properties