ITDR
About Identity Providers
Zscaler recommends that you use the ZIdentity Admin Portal to configure primary and secondary external identity providers (IdPs). ZIdentity supports both SAML and OpenID configurations. Contact Zscaler Support to subscribe to ZIdentity.
You can configure identity providers (IdPs) to support single sign-on (SSO) for users. The SSO page allows you to:
- Configure SAML for SSO.
- Configure SAML for SSO using Okta.
- Configure SAML for Microsoft Entra ID Single Sign-On.
- Configure SAML for Active Directory Federation Services.
- Configure OpenID for SSO.
- Configure OpenID for SSO using Okta.
- Configure OpenID for SSO using Google.
SSO provides the following benefits and enables you to:
- Configure third-party IdPs using OpenID or SAML.
- Leverage single authentication using the configured IdPs to allow users to sign in to the Zscaler ITDR Admin Portal.
About the SSO Page
On the SSO page (Settings > Users & Roles > SSO), you can do the following:
- Add and configure IdPs to support SSO.
- View a list of configured IdPs. For each IdP, you can view:
- Name: The name of the IdP configuration.
- Type: The type of IdP.
- Issuer: The URL of the IdP issuer.
- Enabled: The status of the IdP configuration. The checkmark icon indicates that the IdP is enabled, and the X icon indicates that the IdP is disabled.
- Edit or delete an IdP configuration.

If ZIdentity is enabled, you can't configure SSO using third-party IdPs in the ITDR Admin Portal. You must configure IdPs in the ZIdentity Admin Portal.
The existing SSO third-party IdPs are disabled.
To configure IdPs, click the ZIdentity link. You are redirected to the ZIdentity Admin Portal. To learn more, see About External Identity Providers.