Digital Experience Monitoring (ZDX)

Admin SAML Configuration Guide for Okta

This guide illustrates how to configure Okta as the identity provider for the Zscaler service and use SAML single sign-on (SSO) for admins. Refer to the Okta documentation for additional information about the steps in the guide.

Prerequisites

Ensure you have the following before configuring Okta:

  • Okta account with admin privileges
  • ZDX Admin accounts created for your organization's admins
  • When configuring IdPs, the following information might be required for ZDX.

    • ACS URL:

    For ZDX Cloud:

    https://admin.zdxcloud.net/zdx/idp-auth
    

    For ZDX Beta Cloud:

    https://admin.zdxbeta.net/zdx/idp-auth
    
    • Download the SAML SSL certificate from the IdP. It must be in Base-64 encoded PEM format.
    • Entity ID:

    For ZDX Cloud:

    https://admin.zdxcloud.net
    

    For ZDX Beta Cloud:

    https://admin.zdxbeta.net
    

    If you have a domain defined on multiple ZIA clouds, enter the ZIA cloud name that is associated with ZDX in the Relay State field (for example, zscalertwo.net) for each application.

    You must also create admin accounts for your organization's admins. To learn more, see Adding ZDX Admins.

    To learn more, see Configuring SAML for ZDX Admins.
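A pre-upload check for the certificate requirement above, as an added example that is not part of the Zscaler or Okta documentation: it tells a Base-64 PEM file from a binary DER download, converts DER to PEM, and returns a SHA-256 fingerprint to compare against the IdP's signing certificate. The function names and sample bytes are assumptions constructed for illustration, and the check is structural only (outer ASN.1 SEQUENCE), not a validation of expiry or signature.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    rb"\A\s*-----BEGIN CERTIFICATE-----\s*([A-Za-z0-9+/=\s]+?)"
    rb"\s*-----END CERTIFICATE-----\s*\Z"
)

def looks_like_der(data: bytes) -> bool:
    """True if data is one ASN.1 SEQUENCE whose declared length spans the buffer."""
    if len(data) < 4 or data[0] != 0x30:
        return False
    first = data[1]
    if first < 0x80:                       # short-form length
        return 2 + first == len(data)
    n = first & 0x7F                       # long form: next n bytes hold the length
    if n == 0 or n > 4:
        return False
    return 2 + n + int.from_bytes(data[2:2 + n], "big") == len(data)

def to_pem(der: bytes) -> str:
    """Wrap DER bytes in certificate armor with 64-character Base-64 lines."""
    b64 = base64.b64encode(der).decode("ascii")
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"

def inspect_idp_cert(raw: bytes) -> dict:
    """Classify a downloaded IdP certificate file; return PEM text and fingerprint."""
    m = PEM_RE.match(raw)
    if m:
        try:
            der = base64.b64decode(b"".join(m.group(1).split()), validate=True)
        except ValueError:
            return {"format": "invalid", "reason": "PEM body is not valid Base-64"}
        if not looks_like_der(der):
            return {"format": "invalid", "reason": "PEM body is not a DER SEQUENCE"}
        fmt = "pem"
    elif looks_like_der(raw):
        der, fmt = raw, "der"              # binary download: convert before upload
    else:
        return {"format": "invalid", "reason": "neither PEM nor DER"}
    return {"format": fmt, "pem": to_pem(der),
            "sha256": hashlib.sha256(der).hexdigest()}

# Constructed sample: a SEQUENCE header over filler bytes, not a real certificate.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(range(256))
SAMPLE_PEM = to_pem(SAMPLE_DER).encode("ascii")
```

Read the downloaded file in binary mode and pass its bytes to `inspect_idp_cert`; a result of `"der"` means the `pem` value, not the original file, is what matches the Base-64 PEM requirement.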


Configuring Admin SAML SSO in Okta

To configure Okta as the IdP for the Zscaler service and use SAML SSO for admins:

  1. Go to Applications > Create App Integration.
  2. Enter ZDX in the Search field to select ZDX SAML.
  3. Select SAML 2.0 as the sign-in method and click Next.

  4. In the Create SAML Integration wizard, for General Settings, enter the App Name for the Zscaler service's display name and then click Next.

  5. For Configure SAML, enter your Access (ACS) URL in the Single sign on URL, Recipient URL, Destination URL, and Audience URI (SP Entity ID) fields.

    Click Next.

If Use this for Recipient URL and Destination URL is selected, then your Single sign on URL is copied into the Single sign on URL and Audience URI (SP Entity ID) fields.

If you have a domain defined on multiple ZIA clouds, then enter the ZIA cloud name that is associated with ZDX in the Default RelayState field (e.g., zscaler.net).

  6. For Feedback, choose I'm a software vendor. I'd like to integrate my app with Okta and then click Finish to complete the SAML integration.

  7. In the Assign ZDX SAML SSO to People, enter the admin's name or email address (Username) to search, and click Assign.

  8. Confirm the selected admin by their user name and click Save and go back.

  9. Review the assigned admin in the SAML Service Provider and exit from the window.

The admin can now access the ZDX Admin Portal through Okta by clicking the configured Zscaler application for Admin SAML.

Related Articles
  • Admin SAML Configuration Guide for AD FS 3.0
  • Admin SAML Configuration Guide for Azure Active Directory
  • Admin SAML Configuration Guide for Okta
  • Admin SAML SSO Configuration Guide for PingFederate