SAML Configuration Example: OneLogin
This example illustrates how to configure OneLogin as an IdP for the Zscaler service. It also describes how to integrate Active Directory and configure an AD connector. Refer to the OneLogin documentation for additional information about the steps in the example.
Ensure that you have the following before you start configuring OneLogin:
- OneLogin account with admin privileges
- The Zscaler public certificate (See Configuring the Zscaler service for SAML.)
Adding the Zscaler Service as an Application
- Log in to OneLogin as a company administrator and click Find apps.
- In the Find apps window, enter Zscaler in the search field, and then click add beside Zscaler in the list of results.
- In the Add Zscaler window, choose Zscaler in the This app will be used by field.
- Click Continue.
- In the Single Sign-on tab, do the following, and then click Update:
  - In the Credentials section, select Configured by admin.
  - In the Default values section, select Email from the NameID menu.
  - Copy the SAML Endpoints URL. You will paste this in the URL of the SAML Portal to which users are sent for authentication field of the Zscaler service portal.
Downloading the Certificate
To download the certificate, go to Security > SAML and download the X.509 certificate in PEM format.
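Before the downloaded PEM file is passed on, it is worth confirming what it contains. The following Python check is an added example, not part of the OneLogin or Zscaler documentation: it verifies that the file holds exactly one certificate and no private key material, and returns a SHA-256 fingerprint that can be compared with any fingerprint the IdP displays. The function names and the sample data are assumptions constructed for illustration.

```python
import base64
import hashlib
import re

# Matches one PEM block and captures its label and base64 body.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL
)


def check_idp_certificate(pem_text):
    """Return the SHA-256 fingerprint of the single certificate in pem_text.

    Raises ValueError if the text holds private key material or does not
    hold exactly one CERTIFICATE block.
    """
    blocks = PEM_BLOCK.findall(pem_text)
    if any("PRIVATE KEY" in label for label, _ in blocks):
        raise ValueError("file contains a private key; do not upload it")
    certs = [body for label, body in blocks if label == "CERTIFICATE"]
    if len(certs) != 1:
        raise ValueError(f"expected exactly 1 certificate, found {len(certs)}")
    # Strip line breaks, then decode strictly so stray characters are rejected.
    der = base64.b64decode("".join(certs[0].split()), validate=True)
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def make_pem(label, payload):
    """Wrap payload bytes in PEM armor (used only to build sample input)."""
    body = base64.encodebytes(payload).decode("ascii")
    return f"-----BEGIN {label}-----\n{body}-----END {label}-----\n"


# Constructed sample input: placeholder bytes, not a real certificate or key.
SAMPLE_DER = b"constructed placeholder, not a real certificate" * 8
SAMPLE_CERT_PEM = make_pem("CERTIFICATE", SAMPLE_DER)
SAMPLE_KEY_PEM = make_pem("PRIVATE KEY", b"constructed placeholder key bytes")

if __name__ == "__main__":
    print(check_idp_certificate(SAMPLE_CERT_PEM))
```

The check is structural only: it does not parse the certificate's validity dates or subject.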
Assigning Users to the Zscaler Application
You can assign users individually or by roles. This example describes how to assign users by role.
To assign users to the Zscaler application:
- In OneLogin, go to People > Roles and click edit.
- Select Zscaler from the list of apps, click Commit changes, and then click Update.
Adding a New Directory
To add a directory:
- Go to People > Directories and click New Directory.
- Click Windows Server Active Directory.
- In the New Directory window, click Update.
- In the Active Directory window, do the following and click Update:
  - Download the AD Connector and save the file.
  - Copy the token, which you will use when you install the AD connector.
- When the confirmation message appears, click Save File.
Installing the OneLogin Active Directory Connector
To install the connector:
- Navigate to where you saved the AD connector and run it.
- When the wizard appears, click Next.
- Specify where you’d like to install the connector and click Next.
- In the Directory Token window, paste the token that you copied in step 4 of the preceding section, Adding a New Directory, and click Next.
- Click Close to exit the wizard.
- The installation is complete.
Testing the Configuration
If you are already logged in to the Zscaler service, browse to https://login.zscaler.net/zscaler.portal (or replace zscaler.net with the cloud name you are using), and click Logout.
Otherwise, ensure that your traffic is being forwarded to the Zscaler service and then browse to a website. When prompted for authentication, provide your SAML login credentials to log in. (If any error occurs, see Troubleshooting Guidelines.)