Cloud & Branch Connector
Admin SAML Configuration Guide for Okta
This guide demonstrates how to configure Okta as the identity provider for Zscaler Cloud & Branch Connector and use SAML single sign-on (SSO) for admins. To learn more about the steps in the Okta portal, refer to the Okta documentation.
Prerequisites
Ensure that you have the following before configuring Okta:
- Okta account with admin privileges.
- Zscaler cloud name.
- Admin accounts created for your organization's admins.
If you are subscribed to ZIdentity, some of the following options are only configurable within the ZIdentity Admin Portal. To learn more, see What Is ZIdentity?
Configuring Admin SAML SSO with Okta
To configure Okta as the IdP for Cloud & Branch Connector and use SAML SSO for admins:
- Step 1: Add the Zscaler Cloud and Branch Connector Administrator Application
  - Log in to Okta.
  - On the left-side navigation, select Applications, then click Applications.
  - Click Create App Integration.
  - Select SAML 2.0, then click Next.
  - On the Create SAML Integration page, under General settings, enter Zscaler Cloud and Branch Connector Administrator Application as the App name, then click Next.
  - In SAML Settings, enter the following for Single sign on URL and Audience URI (SP Entity ID), respectively:
    https://connector.<Zscaler Cloud>.net/bac-adminsso.do
    admin.<Zscaler Cloud>.net
    To learn more, see What Is My Cloud Name for Zscaler Cloud & Branch Connector?
  - Click Next.
  - In Help Okta Support understand how you configured this application, select I'm an Okta customer adding an internal app.
  - Click Finish. Okta redirects you to the Zscaler Cloud and Branch Connector Administrator Application page.
- Step 2: Configure the SAML Admin SSO in Okta
  - On the Zscaler Cloud and Branch Connector Administrator Application page, click Assignments.
  - Click Assign, then select Assign to people.
  - In the Assign Zscaler Cloud and Branch Connector Administrator Application to People window, select the admins you want to assign to the application. Okta redirects you to a new window.
  - Click Save and Go Back.
  - Click Done.
  - On the Zscaler Cloud and Branch Connector Administrator Application page, click Sign On.
  - Under SAML Setup, click View SAML setup instructions.
  - On the How to Configure SAML 2.0 for Zscaler Cloud and Branch Connector Administrator Application page, copy the Identity Provider Issuer.
  - Under X.509 Certificate, click Download certificate.
    Okta downloads the certificate as a .cert, but the Zscaler Cloud & Branch Connector Admin Portal supports only .cer or .pem files. Ensure that the file is converted before uploading it to the portal.
- Step 3: Configure SAML Admin SSO in the Cloud & Branch Connector Admin Portal
  - In the portal, go to Administration > Administrator Management > Administrators Management.
  - In the SAML Authentication for Administrators section, under IdP SAML Certificate, click Upload.
  - In the IdP SAML Certificate window, click Choose File and upload the certificate, then click Upload when complete.
  - Under Issuer, paste the Identity Provider Identifier you copied from Okta, then click Add Items.
  - Enable SAML Authentication.
  - Click Save and activate the changes.
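One way to convert and check the certificate downloaded in Step 2 before it is uploaded in Step 3, shown as an added example that is not part of the Zscaler or Okta documentation. It assumes the openssl command-line tool is installed and that the download is PEM- or DER-encoded; the function names, file names, and the throwaway self-signed sample certificate are constructed for illustration.

```shell
#!/bin/sh
# Added example: convert the Okta .cert download to .pem and sanity-check it.

# convert_idp_cert SRC DST
# Writes DST as PEM and prints the SHA-256 fingerprint line on success.
# Return codes: 1 = not a certificate, 2 = key material present, 3 = expired.
convert_idp_cert() {
    src=$1
    dst=$2
    # A file uploaded as an IdP trust anchor must never carry a private key.
    if grep -q 'PRIVATE KEY' "$src"; then
        echo "refusing: $src contains a private key" >&2
        return 2
    fi
    # Assumption: the download is PEM; fall back to DER if PEM parsing fails.
    if openssl x509 -in "$src" -inform PEM -outform PEM -out "$dst" 2>/dev/null; then
        :
    elif openssl x509 -in "$src" -inform DER -outform PEM -out "$dst" 2>/dev/null; then
        :
    else
        echo "refusing: $src is not an X.509 certificate" >&2
        rm -f "$dst"
        return 1
    fi
    # Catch an already-expired certificate before it is uploaded.
    if ! openssl x509 -in "$dst" -noout -checkend 0 >/dev/null; then
        echo "refusing: certificate in $src has expired" >&2
        rm -f "$dst"
        return 3
    fi
    # Fingerprint of the converted file, for the change record.
    openssl x509 -in "$dst" -noout -fingerprint -sha256
}

# Constructed sample input: a throwaway self-signed certificate standing in
# for the file Okta downloads. The subject name is a placeholder.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=constructed-okta-sample" \
        -keyout "$1.key" -out "$1" 2>/dev/null
}

# Usage: convert_idp_cert okta.cert okta.pem
```

The fingerprint is computed over the certificate itself, so it is the same whether the source file was PEM or DER.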
Testing the Admin SAML SSO
To test the SAML admin SSO, you can initiate the SAML connection from the Zscaler Cloud and Branch Connector Administrator Application.
- On your Okta Dashboard, click the Four Square icon in the top right corner.
- In Okta Apps, click My end user dashboard. Okta redirects you to My Apps.
- In the Work section, click Zscaler Cloud and Branch Connector Administrator Application. You are automatically signed in to the Zscaler Cloud & Branch Connector Admin Portal.