icon-unified.svg
Experience Center

Configuration Guide for Okta

This guide provides information on how to set up Okta as an IdP for Private Applications.

Prerequisites

Ensure that you have the following:

  • An Okta account with admin privileges
  • A Private Applications account with an administrator role that allows you to add an IdP Configuration

Configuring Okta for SSO

To configure Okta as the IdP for a Private Applications user and admin SSO:

  1. Log in to the Okta portal as an administrator.
  2. Within the top banner, make sure that Classic UI is selected from the drop-down menu.

You may only see the Classic UI if you are in the Okta developer dashboard.

  1. Go to Applications from the top menu.
  2. Click Add Application.
  3. In the search toolbar, search for Zscaler Private Access 2.0. When the application appears, click Add.
  4. On the General Settings page that appears:
    1. For Application label, make sure that Zscaler Private Access 2.0 is entered.
    2. Click Done.
  5. On the Assignments page that appears:
    1. Select Assign > Assign to People or Assign to Groups.
    2. In the window that appears, click Assign for the user or group you want to select, then click Save and Go Back.
    3. Repeat step b for all users and groups you want to assign to the Private Applications application, then click Done.
  6. Go to the Sign On page, click Edit, and complete the following fields. You must use the SAML 2.0 sign-on option for this application:
    1. (Optional) If you want to pass Okta group information as part of the SAML response:
      1. From the GroupName drop-down menu, select your preferred group filter (e.g., Matches Regex).
      2. Type in the applicable value for the group filter in the text field.

For example, selecting Matches Regex and entering .* sends information for all Okta groups to Private Applications within the SAML response.

  1. Click the Identity Provider metadata hyperlink to download the IdP's metadata file. You will need this file later in order to complete the configuration within the Admin Portal.
  2. For Service Provider URL, the URL that is provided for you when you configure a new IdP configuration in the Admin Portal. This URL is specific to your IdP.
  3. For Service Provider Entity ID, enter the ID that is provided for you when you configure a new IdP configuration in the Admin Portal. This ID is specific to your IdP.
  4. Click Save.
  5. Go to the Admin Portal and complete the IdP configuration set up.
  6. (Optional) If you are configuring Okta for user SSO and want to use SCIM, proceed to the SCIM Configuration Guide for Okta.

After configuring your IdP, be sure to verify the configuration.

Related Articles
Configuration Guide for Gemalto SafeNet Authentication ManagerConfiguration Guide for Microsoft ADFS 2.0 and 3.0Configuration Guide for Microsoft Azure ADConfiguration Guide for OktaConfiguration Guide for OneloginConfiguration Guide for Ping Identity PingOne