ITDR
Configuring OpenID for Single Sign-On Using Okta
Zscaler recommends that you use the ZIdentity Admin Portal to configure primary and secondary external identity providers (IdPs). ZIdentity supports both SAML and OpenID configurations. Contact Zscaler Support to subscribe to ZIdentity.
This article provides information on configuring OpenID for single sign-on (SSO) using Okta.
Before you configure OpenID for SSO, make sure to configure OpenID on Okta with the following settings:
- Select Web Application as the application type.
- Use https://<Zscaler ITDR Instance Name>/oauth as the sign-in redirect URI.
To configure OpenID for SSO using Okta:
- Step 1: Obtain the Client ID and Client Secret from Okta
  - Log in to the Okta portal as an administrator.
  - Go to Applications > Applications.
  - Select the application that you created while configuring OpenID for Okta.
  - Select General.
  - Copy the Client ID and Client Secrets.
- Step 2: Obtain the OpenID Endpoint Configuration for Okta
  - Enter the following URL in the browser: https://<Okta Instance>.okta.com/.well-known/openid-configuration
  - When the configuration file opens, copy the following information:
    - issuer
    - authorization_endpoint
    - token_endpoint
    - jwks_uri
- Step 3: Configure OpenID for SSO on the Zscaler ITDR Admin Portal
After you obtain the client ID, client secret, and endpoint configuration details, you must configure OpenID for SSO in the ITDR Admin Portal.
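The following added example, which is not part of the Zscaler documentation, checks the Step 2 values before they are entered in the ITDR Admin Portal: it pulls the four fields out of the discovery document and rejects any that are not https URLs on the Okta instance that was queried. The sample document, the `example-org` instance name, and the function name `extract_oidc_settings` are constructed for illustration, and the rule that every endpoint shares the issuer's host is an assumption of the example.

```python
import json
from urllib.parse import urlsplit

# The four values Step 2 says to copy from the discovery document.
REQUIRED = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri")

# Constructed sample document; "example-org" is a placeholder Okta instance.
SAMPLE = json.dumps({
    "issuer": "https://example-org.okta.com",
    "authorization_endpoint": "https://example-org.okta.com/oauth2/v1/authorize",
    "token_endpoint": "https://example-org.okta.com/oauth2/v1/token",
    "jwks_uri": "https://example-org.okta.com/oauth2/v1/keys",
    "response_types_supported": ["code"],
})


def extract_oidc_settings(discovery_json, expected_host):
    """Return the four endpoint values after checking they belong to expected_host."""
    doc = json.loads(discovery_json)
    if not isinstance(doc, dict):
        raise ValueError("discovery document is not a JSON object")
    missing = [k for k in REQUIRED if not isinstance(doc.get(k), str) or not doc[k]]
    if missing:
        raise ValueError("discovery document lacks: " + ", ".join(missing))
    settings = {k: doc[k] for k in REQUIRED}

    # The issuer must be an https URL for the Okta instance that was queried,
    # with no query string or fragment.
    issuer = urlsplit(settings["issuer"])
    if issuer.scheme != "https" or issuer.query or issuer.fragment:
        raise ValueError("issuer is not a plain https URL")
    if issuer.hostname != expected_host.lower():
        raise ValueError("issuer host does not match the Okta instance")

    # Assumption of this example: every endpoint is served over https from
    # the issuer's own host, so a value pointing elsewhere is rejected.
    for key in REQUIRED[1:]:
        url = urlsplit(settings[key])
        if url.scheme != "https" or url.hostname != issuer.hostname:
            raise ValueError(key + " is not an https URL on the issuer host")
    return settings


if __name__ == "__main__":
    for name, value in extract_oidc_settings(SAMPLE, "example-org.okta.com").items():
        print(name + ": " + value)
```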