This guide illustrates how to configure Okta as the identity provider for the Zscaler service and use SAML single sign-on (SSO) for admins. Refer to the Okta documentation for additional information about the steps in the guide.

Prerequisites

Ensure you have the following before configuring Okta:

• Okta account with admin privileges
• Admin accounts created for your organization's admins. To learn more, see Adding Admins.

Configuring Admin SAML SSO in Okta

To configure Okta as the IdP for the Zscaler service and use SAML SSO for admins:

1. Go the Applications tab and click Add Application.
2. Enter SAML Service Provider in the Search field, and then click Add.
   See image.

   

   Close
3. In General Settings, specify the display name for the Zscaler service in Application Label and click Next.
   See image.

   

   Close
4. In Sign-On Options, click View Setup Instructions.
   See image.

   

   Close
5. From the dialog that opens, download the Identity Provider Certificate by clicking the provided link.
   See image.

   

   Close
6. The file downloaded will be named "okta.cert". Rename the certificate to "okta.cer".
7. In Assign SAML Service Provider to People, enter the admin's name (Person) and email address (Username), and click Done.
   See image.

   

   Close

The admin can now access the ZIA Admin Portal through Okta by clicking on the configured Zscaler application for Admin SAML.
See image.