Admin SAML Configuration Guide for Okta

This guide demonstrates how to configure Okta as the identity provider for Zscaler Cloud & Branch Connector and use SAML single sign-on (SSO) for admins. To learn more about the steps in the Okta portal, refer to the Okta documentation.

Prerequisites

Ensure that you have the following before configuring Okta:

Configuring Admin SAML SSO with Okta

To configure Okta as the IdP for Cloud & Branch Connector and use SAML SSO for admins:

    1. Log in to Okta.
    2. On the left-side navigation, select Applications, then click Applications.

    3. Click Create App Integration.

    4. Select SAML 2.0, then click Next.

    5. On the Create SAML Integration page, under General settings, enter Zscaler Cloud and Branch Connector Administrator Application as the App name, then click Next.

    6. In SAML Settings, enter the following for Single sign on URL and Audience URI (SP Entity ID), respectively:

      https://connector.<Zscaler Cloud>.net/bac-adminsso.do
      admin.<Zscaler Cloud>.net

      Click Next.

    7. In Help Okta Support understand how you configured this application, select I'm an Okta customer adding an internal app.

    8. Click Finish. Okta redirects you to the Zscaler Cloud and Branch Connector Administrator Application page.
    1. On the Zscaler Cloud and Branch Connector Administrator Application page, click Assignments.

    2. Click Assign, then select Assign to people.

    3. In the Assign Zscaler Cloud and Branch Connector Administrator Application to People window, select the admins you want to assign to the application.

      Okta redirects you to a new window.

      1. Click Save and Go Back.

      2. Click Done.
    4. On the Zscaler Cloud and Branch Connector Administrator Application page, click Sign On.

    5. Under SAML Setup, click View SAML setup instructions.

    6. On the How to Configure SAML 2.0 for Zscaler Cloud and Branch Connector Administrator Application page, copy the Identity Provider Issuer.

      Under X.509 Certificate, click Download certificate.

      Okta downloads the certificate as a .cert file, but the Zscaler Admin Portal supports only .cer or .pem files. Convert the file before uploading it to the portal.
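
The conversion in the step above can be scripted. The following is an added example, not Okta or Zscaler code: it accepts the downloaded file in PEM or DER form, rejects a file that carries a private key or more than one certificate, and returns normalized PEM text (save it with a .pem extension) together with a SHA-256 fingerprint. The name normalize_idp_cert and the sample bytes are constructed for illustration, and the structure check is a shape check only, not a full X.509 parse.

```python
import base64
import hashlib
import re
import ssl

PEM_BLOCK = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def _outer_sequence_ok(der):
    """True if der is exactly one ASN.1 SEQUENCE TLV (shape check, not an X.509 parse)."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    first = der[1]
    if first < 0x80:                      # short-form length
        header, length = 2, first
    else:                                 # long-form length: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or len(der) < 2 + n:
            return False
        header, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    return header + length == len(der)    # no truncation, no trailing bytes


def normalize_idp_cert(raw):
    """Return (pem_text, sha256_fingerprint) for a downloaded IdP certificate file."""
    if b"PRIVATE KEY-----" in raw:
        raise ValueError("file contains a private key; upload only the certificate")
    blocks = PEM_BLOCK.findall(raw.decode("ascii", errors="ignore"))
    if len(blocks) > 1:
        raise ValueError("expected exactly one certificate")
    # PEM input: strip line breaks (CRLF included) and decode; otherwise treat as DER.
    der = base64.b64decode("".join(blocks[0].split()), validate=True) if blocks else raw
    if not _outer_sequence_ok(der):
        raise ValueError("not a DER-encoded certificate structure")
    digest = hashlib.sha256(der).hexdigest().upper()
    fingerprint = ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))
    return ssl.DER_cert_to_PEM_cert(der), fingerprint


# Constructed placeholder bytes with a certificate-shaped outer TLV (not a real certificate).
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(range(256))
SAMPLE_CERT_FILE = (
    "-----BEGIN CERTIFICATE-----\r\n"
    + base64.b64encode(SAMPLE_DER).decode("ascii")
    + "\r\n-----END CERTIFICATE-----\r\n"
).encode("ascii")

if __name__ == "__main__":
    pem, fp = normalize_idp_cert(SAMPLE_CERT_FILE)
    print(fp)
    print(pem, end="")
```

Record the fingerprint with the change so that a later planned certificate rotation can be told apart from an unexpected replacement of the IdP certificate.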

    1. In the portal, go to Administration > Administrator Management > Administrators Management.
    2. In the SAML Authentication for Administrators section, under IdP SAML Certificate, click Upload.

    3. In the IdP SAML Certificate window, click Choose File and upload the certificate, then click Upload when complete.

    4. Under Issuer, paste the Identity Provider Identifier you copied from Okta, then click Add Items.

    5. Enable SAML Authentication.

    6. Click Save and activate the changes.

Testing the Admin SAML SSO

To test the SAML admin SSO, you can initiate the SAML connection from the Zscaler Cloud and Branch Connector Administrator Application.

  1. On your Okta Dashboard, click the Four Square icon in the top right corner.

  2. In Okta Apps, click My end user dashboard.

    Okta redirects you to My Apps.

  3. In the Work section, click Zscaler Cloud and Branch Connector Administrator Application. You are automatically signed in to the Zscaler Admin Portal.

Related Articles

Configuring SAML for Admins
Admin SAML Configuration Guide for AD FS 3.0
Admin SAML Configuration Guide for Okta
Admin SAML Configuration Guide for Azure Active Directory