The Risk360 service supports identity provider (IdP)-initiated SAML authentication for admins. The admin can log in to the Risk360 Admin Portal directly from a single sign-on (SSO) provider's portal by clicking the Risk360 application icon. This guide illustrates how to configure SAML SSO with Okta for the Risk360 service.

Prerequisites

Ensure that you have the following before you start configuring Okta:

• An Okta account with admin privileges.
• Admins created for the Risk360 service in the Okta directory.

Configuring SAML SSO with Okta

To configure Okta SAML SSO for Risk360:

• 1. Create Risk360 App integration in Okta.

  To add the Risk360 application to Okta:

  1. Log in to your Okta account.
  2. In the Admin Console, go to Applications > Applications.
  3. Click Create App Integration.

  See image.

  

  Close

  4. Select SAML 2.0 as the Sign-in method.

  See image.

  

  Close

  5. Click Next.
  6. In the General Settings section, enter the display name for the service in the App name field (e.g., Risk360).
  7. Click Next.
  8. In the Configure SAML section:
     1. Single sign-on URL: Enter https://admin.zscalerrisk.net/idp-auth
     2. Audience URI (SP Entity ID): Enter https://admin.zscalerrisk.net/idp-auth
     3. Default RelayState: Enter your Risk360 cloud name. You can view the cloud from the My Profile page in the Risk360 Admin Portal. See image.
        Close

  See image.

  

  Close

  9. Click Next.
  10. In the Feedback section, select I'm a software vendor. I'd like to integrate my app with Okta and click Finish.

  See image.

  

  Close

  The Risk360 integration is created in Okta. You can assign admins to the application.

  Close
• 2. Assign admins to Risk360.

  To assign admins to the Risk360 application:

  1. Log in to your Okta account.
  2. In the Admin Console, go to Applications > Applications.
  3. Select the Risk360 application from the list.
  4. Click Assign > Assign to People.

  See image.

  

  Close

  5. Click Assign next to the users that you want to assign the application.

  See image.

  

  Close

  6. Click Save and Go Back, then click Done.

  The admins are assigned to the Risk360 application.

  Close
• 3. Download the SAML signing certificate from Okta.

  To download the SAML signing certificate:

  1. Log in to your Okta account.
  2. In the Admin Console, go to Applications > Applications.
  3. Select the Risk360 application from the list.
  4. In the SAML Signing Certificates section, download the SHA-2 type certificate by clicking Actions > Download certificate.

  See image.

  

  Close

  The certificate is downloaded to your system. Upload the certificate as part of Step 4 in the IdP SAML Certificate field.

  Close
• 4. Configure SAML SSO in the Risk360 Admin Portal.

After you complete the preceding steps, admins can access the Risk360 Admin Portal using their Okta credentials or the Risk360 tile on their Okta homepage.

See image.