SAML Configuration Example: Okta
This example illustrates how to configure the Zscaler service as an application in Okta. It also describes how to integrate Active Directory with Okta. Refer to the Okta documentation for additional information about the steps in the example.
Ensure that you have the following before you start configuration:
- Okta account with admin privileges
- Windows Server 2003 R2 or later, to host the Okta Active Directory agent
Configuring the Zscaler Service in Okta
Do the following to configure the Zscaler service in Okta:
- Add the Zscaler service as an application, which includes defining its settings, choosing the sign-on options, and assigning the service to users.
- Integrate Active Directory with Okta.
- Import user information to Okta.
After you configure Okta and the Zscaler service, you can then test the configuration as described in Testing the Configuration.
Adding the Zscaler Service
Adding the Zscaler service as an application includes defining its settings, choosing SAML 2.0 as the single sign-on option and assigning the service to users.
To add the Zscaler service as an application:
- Log in to Okta.
- Go to the Applications tab and click Add Application.
- Enter Zscaler in the Search field, and then click + beside Zscaler on the list of results.
- In the General Settings tab, complete the following and click Next:
- Application Label: Specify the display name for the service.
- Your Zscaler Domain: Specify the domain in the URL you use to log in to the service. For example, if you log into https://admin.zscaler.net/, enter zscaler.net.
- If you are enabling SAML auto-provisioning, complete the User Display Name, Department Name, and Group Name fields.
- Group Filter: Optionally, enter a regular expression to select which groups are sent to the service. For example, zscaler_.* includes all groups whose names begin with zscaler_; the looser zscaler.* also includes any group whose name merely begins with zscaler, so check the filter against your actual group names before enabling auto-provisioning.
- In the Sign-On Options tab, do the following, and then click Next:
- Choose SAML 2.0.
- From the Default user name format menu, choose Okta username.
- In the Assign to People tab, select users who will log in to the Zscaler service.
- After selecting users, review and confirm your assignments, and then click Next.
- Okta displays a confirmation message.
You can customize the login window, including the security image and the username and password format. For more information, refer to the Okta documentation.
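Because the Group Filter decides which directory groups reach the Zscaler service (and therefore which policies a user can fall under), it is worth seeing exactly what a given expression matches before you save it. The following Python snippet is an added example, not code from the Okta or Zscaler documentation: it runs a few candidate filters over a constructed list of group names. It assumes Okta evaluates the filter as a regular expression that must match the whole group name; if your tenant behaves differently, adjust the matching call accordingly.

```python
import re

# Constructed sample of group names as Okta might see them after an AD
# import. These are placeholders for the example, not a real directory.
SAMPLE_GROUPS = [
    "zscaler_admins",
    "zscaler_users",
    "zscaler-guests",
    "zscalerAll",
    "finance",
    "Zscaler_Contractors",
]


def matching_groups(group_filter: str, names):
    """Return the group names that the filter would pass to the app.

    Assumption: the filter is a regular expression matched against the
    whole group name (fullmatch), so `zscaler.*` is not anchored to the
    literal underscore and also admits names such as 'zscalerAll'.
    """
    pattern = re.compile(group_filter)
    return [name for name in names if pattern.fullmatch(name)]


if __name__ == "__main__":
    # Compare the loose filter from the page with a tighter one, and a
    # case-insensitive variant for directories with mixed-case names.
    for candidate in ("zscaler.*", "zscaler_.*", "(?i)zscaler_.*"):
        print(f"{candidate:16} -> {matching_groups(candidate, SAMPLE_GROUPS)}")
```

Run it against an export of your own group names before turning on auto-provisioning; a filter that matches more than you intended is easier to fix here than after the groups have been pushed to the service.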
Integrating Active Directory
To integrate Active Directory with Okta:
- In Okta, click My Applications.
- In the My Applications window, click Edit.
- Click Administration to go to the My Applications Dashboard.
- Go to People > Directories, and then click Add Directory > Add Active Directory.
- From the Set Up Active Directory window, click Set Up Active Directory.
- Download the Okta Active Directory agent.
- After you download the Okta AD agent, double-click the OktaADAgentSetup.exe file to start the Okta AD Agent Setup wizard.
- Select the installation folder and click Next.
- Select Create or use the Okta Service account and click Next.
- Provide your Okta user credentials to register the Okta AD Agent.
- When Okta confirms the integration, click Done.
To define the import settings and import users:
- In Okta, go to People > Directories and click the directory you created.
- Click the Settings tab.
- Define the import settings and click Save Settings.
- Go to People > Directories and click the directory you created.
- Go to the Import tab and click Import Now.
- Since this is the first time you’re importing users, choose Full Import, and then click Import. On subsequent imports, you can choose Incremental Import.
Testing the Configuration
If you are already logged in to the Zscaler service, browse to https://login.zscaler.net/zscaler.portal (or replace zscaler.net with the cloud name you are using), and click Logout.
For how to find your cloud name, refer to the Zscaler documentation.
Otherwise, ensure that your traffic is being forwarded to the Zscaler service and then browse to a web site. When prompted for authentication, provide your SAML login credentials to log in. (If any error occurs, see Troubleshooting Guidelines.)
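If the test login fails, the fastest way to see what Okta actually sent is to capture the SAMLResponse form field from the browser's network tools and decode it. The following Python script is an added example, not part of the Zscaler or Okta documentation: it decodes a constructed, unsigned sample response and extracts the fields that usually explain a failed login (status, NameID and its format, the validity window, and the attributes). The issuer, NameID, attribute names and values in the sample are placeholders, not values from a real tenant, and the script deliberately does not verify the XML signature, so it shows what was sent, not whether the assertion should be trusted.

```python
import base64
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Constructed sample of the kind of response an IdP posts to the service's
# ACS URL. It is unsigned and every identifier below is a placeholder.
SAMPLE_RESPONSE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_resp1" Version="2.0"
    IssueInstant="2024-01-01T12:00:00Z">
  <saml:Issuer>http://www.okta.com/exampleIdpId</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-01-01T12:00:00Z">
    <saml:Issuer>http://www.okta.com/exampleIdpId</saml:Issuer>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">jdoe@example.com</saml:NameID>
    </saml:Subject>
    <saml:Conditions NotBefore="2024-01-01T11:55:00Z" NotOnOrAfter="2024-01-01T12:05:00Z"/>
    <saml:AttributeStatement>
      <saml:Attribute Name="memberOf">
        <saml:AttributeValue>zscaler_admins</saml:AttributeValue>
        <saml:AttributeValue>zscaler_users</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="department">
        <saml:AttributeValue>Engineering</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""

# The browser posts the response base64-encoded in the SAMLResponse field.
SAMPLE_SAML_RESPONSE_B64 = base64.b64encode(SAMPLE_RESPONSE_XML.encode()).decode()

TIME_FMT = "%Y-%m-%dT%H:%M:%SZ"


def decode_saml_response(b64_response: str) -> dict:
    """Decode a SAMLResponse value and pull out the fields worth checking.

    Read-only diagnostic: the XML signature is NOT verified here, so the
    result tells you what the IdP sent, not whether to trust it.
    """
    root = ET.fromstring(base64.b64decode(b64_response))
    status = root.find("samlp:Status/samlp:StatusCode", NS).get("Value")
    assertion = root.find("saml:Assertion", NS)
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    conditions = assertion.find("saml:Conditions", NS)
    attributes = {}
    for attr in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
        attributes[attr.get("Name")] = [v.text for v in attr.findall("saml:AttributeValue", NS)]
    return {
        "issuer": assertion.findtext("saml:Issuer", namespaces=NS),
        "status": status.rsplit(":", 1)[-1],           # e.g. "Success"
        "name_id": name_id.text,                       # must be the value the service matches on
        "name_id_format": name_id.get("Format"),
        "not_before": conditions.get("NotBefore"),
        "not_on_or_after": conditions.get("NotOnOrAfter"),
        "attributes": attributes,
    }


def assertion_is_current(info: dict, now_iso: str) -> bool:
    """Check the validity window against a given UTC time (ISO, Z suffix).

    Clock skew between the IdP and the client is a common cause of
    rejected assertions, so compare against the clock of the machine
    that failed, not just the one running this script.
    """
    now = datetime.strptime(now_iso, TIME_FMT).replace(tzinfo=timezone.utc)
    not_before = datetime.strptime(info["not_before"], TIME_FMT).replace(tzinfo=timezone.utc)
    not_on_or_after = datetime.strptime(info["not_on_or_after"], TIME_FMT).replace(tzinfo=timezone.utc)
    return not_before <= now < not_on_or_after


if __name__ == "__main__":
    info = decode_saml_response(SAMPLE_SAML_RESPONSE_B64)
    for key, value in info.items():
        print(f"{key:16} {value}")
    print("within window    ", assertion_is_current(info, "2024-01-01T12:00:00Z"))
```

When reading a real capture, confirm that the NameID matches the Okta username you selected under Default user name format, that the Issuer is your Okta tenant, and that the current time falls inside the NotBefore/NotOnOrAfter window; a mismatch in any of these is a more likely cause of a failed test login than a problem with the assignment itself.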