Configuring Okta for Admin SAML Single Sign-On

This example illustrates how to configure the Zscaler service as an application in Okta for enabling SAML single sign-on for admins. Refer to the Okta documentation for additional information about the steps in the example.


Ensure you have the following before configuring Okta:

  • Okta account with admin privileges
  • Admin accounts created for your organization's admins. To learn more, see Adding Admins.

Configuration Steps

To add the Zscaler service as an application, log in to Okta and do the following:

  1. Go to the Applications tab and click Add Application.
  2. Enter SAML Service Provider in the Search field, and then click Add.

Screenshot illustrating how to add the SAML Service Provider app

  3. In Add SAML Service Provider, complete the following:

     1. In General Settings, specify the display name for the Zscaler service in Application Label and click Next.

Screenshot of the General Settings tab with name added in the Application label

     2. In Sign-On Options, click View Setup Instructions.

Screenshot of the Sign-On Options page with the View Setup Instructions highlighted in a red box

     3. From the dialog that opens, download the Identity Provider Certificate by clicking the provided link.

Screenshot of dialogue box with the link to download the Identity Provider Certificate highlighted

     4. The file downloaded will be named "okta.cert". Rename the certificate to "okta.cer".
     5. In Assign SAML Service Provider to People, enter the admin's name (Person) and email address (Username), and click Done.

Screenshot of the Assign SAML Service Provider to People tab with Done button highlighted in a red box

The admin can now access the Zscaler Admin Portal through Okta by clicking on the configured Zscaler application for Admin SAML. See example below.

Screenshot of the Okta app with the admin SAML app now available
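
For the certificate download and rename step above, the following is an added example, not part of the original Okta or Zscaler documentation. It confirms that the downloaded file is an X.509 certificate and has not expired, renames it to "okta.cer", and prints its SHA-256 fingerprint. The helper name `prepare_idp_cert`, the 30-day warning threshold, the use of the `openssl` command-line tool, and a PEM-encoded download are assumptions.

```shell
# Added example. prepare_idp_cert is a hypothetical helper, not an Okta or
# Zscaler tool. Assumes the openssl CLI is installed and the file is PEM.
# Usage: prepare_idp_cert okta.cert okta.cer [warn_days]
prepare_idp_cert() {
    pic_src=$1                 # file as downloaded from Okta
    pic_dst=$2                 # name required by the procedure
    pic_warn_days=${3:-30}     # constructed default for the expiry warning

    [ -f "$pic_src" ] || { echo "missing file: $pic_src" >&2; return 2; }

    # The download must parse as an X.509 certificate, not an HTML error
    # page or a truncated file.
    if ! openssl x509 -in "$pic_src" -noout 2>/dev/null; then
        echo "not a PEM X.509 certificate: $pic_src" >&2
        return 3
    fi

    # Refuse a certificate whose validity period has already ended.
    if ! openssl x509 -in "$pic_src" -noout -checkend 0 >/dev/null; then
        echo "certificate has already expired: $pic_src" >&2
        return 4
    fi

    # Warn (without failing) when expiry is near, so rotation can be planned.
    if ! openssl x509 -in "$pic_src" -noout \
            -checkend $(( pic_warn_days * 86400 )) >/dev/null; then
        echo "warning: expires within $pic_warn_days days" >&2
    fi

    # Rename only after every check has passed.
    mv -- "$pic_src" "$pic_dst" || return 5

    # Subject and expiry go to stderr for the operator; the fingerprint
    # alone goes to stdout so it can be captured and recorded.
    openssl x509 -in "$pic_dst" -noout -subject -enddate >&2
    openssl x509 -in "$pic_dst" -noout -fingerprint -sha256 | cut -d= -f2
}
```

Record the printed fingerprint so the renamed file can later be matched to this download.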