Integrating with Azure AD and Okta for SSO
We already discussed the benefits of user authentication in Chapter 4, Understanding Traffic Forwarding and User Authentication Options. Here, we will look at how to configure ZPA end-user authentication using an IdP such as Azure AD or Okta. The first step in this process is to add an IdP in the ZPA Admin Portal. Enterprise users have the option to authenticate against multiple IdPs.
Adding an IdP
A ZPA administrator needs to first log in to the ZPA Admin Portal and then navigate to Administration -> Authentication -> Settings. In the Primary Authentication Domain section, the administrator should verify the domains defined for their enterprise. If any domains are incorrect or missing, Zscaler support should be engaged immediately to rectify this situation. Please note that at least one authentication domain per IdP is needed if the administrator plans to add multiple IdPs.
Once this verification is completed, click on the...