Zscaler recommends that you use the ZIdentity Admin Portal to configure primary and secondary external identity providers (IdPs). ZIdentity supports both SAML and OpenID configurations. Contact Zscaler Support to subscribe to ZIdentity.

This article provides information on configuring OpenID for single sign-on (SSO) using Okta.

Before you configure OpenID for SSO, make sure to configure OpenID on Okta with the following settings:

• Select Web Application as the application type.

  See image.

  Close

• Use https://<Zscaler ITDR Instance Name>/oauth as the sign-in redirect URI.

  See image.

  Close

• Step 1: Obtain the Client ID and Client Secret from Okta
  1. Log in to the Okta portal as an administrator.
  2. Go to Applications > Applications.

  3. Select the application that you created while configuring OpenID for Okta.

     See image.

     Close

  4. Select General.

  5. Copy the Client ID and Client Secrets.

     See image.

     

     Close

  Close
• Step 2: Obtain the OpenID Endpoint Configuration for Okta

  1. Enter the following URL in the browser:

     https://<Okta Instance>.okta.com/.well-known/openid-configuration

  2. When the configuration file opens, copy the following information:

     • issuer
     • authorization_endpoint
     • token_endpoint
     • jwks_uri

     See image.

     

     Close

  Close
• Step 3: Configure OpenID for SSO on the Zscaler ITDR Admin Portal

  After you obtain the client ID, client secret, and endpoint configuration details, you must configure OpenID for SSO in the ITDR Admin Portal.

  Close