
Configuring OpenID for Single Sign-On

Zscaler recommends that you use the ZIdentity Admin Portal to configure primary and secondary external identity providers (IdPs). ZIdentity supports both SAML and OpenID configurations. Contact Zscaler Support to subscribe to ZIdentity.

This article provides information on how to configure OpenID for single sign-on (SSO) in the Zscaler ITDR Admin Portal.

Before you configure OpenID for SSO, obtain the following details for the identity provider (IdP):

  • Client ID
  • Client Secret
  • Issuer
  • Authorization Endpoint
  • Token Endpoint
  • JSON Web Key Set (JWKS)

To learn more, see Configuring OpenID for Single Sign-On Using Okta and Configuring OpenID for Single Sign-On Using Google.

To configure OpenID for SSO:

  1. Go to Settings > Users & Roles > SSO.
  2. Click Add Provider, and select OpenID from the drop-down menu.

  3. In the OpenID Provider Details window:
    1. Name: Enter a name for the OpenID integration.
    2. Enabled: Select to enable the OpenID SSO provider.
    3. Use Proxy Settings: Enable if the ITDR Admin Portal requires a proxy to connect to the OpenID SSO servers. This toggle is optional if you are using a SaaS-hosted version of ITDR.
    4. Client ID: Enter the client ID you obtained from your IdP.
    5. Client Secret: Enter the client secret you obtained from your IdP.
    6. Endpoints: Enter the endpoint configuration details that you obtained from your IdP:

      1. Issuer: Enter the issuer URL obtained from your IdP.
      2. Authorization Endpoint: Enter the authorization endpoint URL obtained from your IdP.
      3. Token Endpoint: Enter the token endpoint URL obtained from your IdP.
      4. JWKS URI: Enter the JWKS URI obtained from your IdP.

  4. Click Save.

After you save the configuration, sign in to the ITDR Admin Portal. The login page shows the identity provider's login button. Sign in with the OpenID provider to verify that the integration is successful.
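Before entering the four endpoint values in the portal, you can check them against the metadata the IdP publishes in its OpenID Connect discovery document. The following is an added example, not Zscaler code: the hostnames, the discovery document, and the JWKS are constructed samples, and `check_oidc_values` is a hypothetical helper name.

```python
import json
from urllib.parse import urlsplit

# Constructed sample data: discovery metadata and JWKS as an IdP might publish them.
DISCOVERY = json.loads("""{
  "issuer": "https://idp.example.com/oauth2/default",
  "authorization_endpoint": "https://idp.example.com/oauth2/default/v1/authorize",
  "token_endpoint": "https://idp.example.com/oauth2/default/v1/token",
  "jwks_uri": "https://idp.example.com/oauth2/default/v1/keys"
}""")
JWKS = {"keys": [{"kty": "RSA", "use": "sig", "kid": "k1", "n": "sample", "e": "AQAB"}]}

FIELDS = {  # portal field -> metadata name in OpenID Connect Discovery 1.0
    "Issuer": "issuer",
    "Authorization Endpoint": "authorization_endpoint",
    "Token Endpoint": "token_endpoint",
    "JWKS URI": "jwks_uri",
}
PRIVATE_JWK_MEMBERS = {"d", "p", "q", "dp", "dq", "qi", "k"}

def check_oidc_values(entered, discovery, jwks):
    """Return a list of problems with the values about to be entered in the portal."""
    problems = []
    for label, meta in FIELDS.items():
        value = entered.get(label, "")
        url = urlsplit(value)
        if url.scheme != "https" or not url.netloc:
            problems.append(f"{label}: not an absolute https URL")
        if url.fragment or value != value.strip():
            problems.append(f"{label}: contains a fragment or stray whitespace")
        # OIDC compares the issuer as an exact string, so a trailing slash
        # makes it a different issuer; the same strictness is applied to all four.
        if value != discovery.get(meta):
            problems.append(f"{label}: differs from discovery '{meta}'")
    keys = jwks.get("keys", [])
    if not [k for k in keys if k.get("use", "sig") == "sig"]:
        problems.append("JWKS: no signing keys published")
    for key in keys:
        if not key.get("kid"):
            problems.append("JWKS: key without a 'kid'")
        if PRIVATE_JWK_MEMBERS.intersection(key):
            problems.append(f"JWKS: key {key.get('kid')} exposes private material")
    return problems

if __name__ == "__main__":
    entered = {label: DISCOVERY[meta] for label, meta in FIELDS.items()}
    entered["Issuer"] += "/"  # constructed copy-paste mistake
    print(check_oidc_values(entered, DISCOVERY, JWKS))
```

An empty list means the collected values agree with the IdP's published metadata and the JWKS contains only public signing keys.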
