Configuring Single Sign-On

Before you begin configuring single sign-on on the Cloud App Security management console, make sure that:

  • You have provisioned an Exchange Online or SharePoint Online Delegate Account. For details, see Provisioning Microsoft Office 365 Services.

  • You are logged on to the management console as a Cloud App Security global administrator.

  1. Go to Administration > Single Sign-On.

    The Single Sign-On screen appears.

  2. Configure the general settings for single sign-on.
    1. Select Enable SSO.
    2. Select the identity provider in Identity Provider.
    3. Specify the service URL. Depending on the Azure AD, AD FS or Okta you configured, it is also referred to as:

      In Azure AD

      • Azure AD Premium Edition: SAML Single Sign-On Service URL

      • Azure AD Free or Basic Edition: SAML-P SIGN-ON ENDPOINT

      In AD FS

      https://example.com/adfs/ls

      In Okta

      Identity Provider Single Sign-On URL

    4. Specify the application identifier. Depending on the Azure AD, AD FS or Okta you configured, it is also referred to as:

      In Azure AD

      • Azure AD Premium Edition: Identifier

      • Azure AD Free or Basic Edition: Application ID

      In AD FS

      Relying party trust identifier

      In Okta

      Identity Provider Issuer

    5. Locate the Base-64 encoded X.509 certificate file you recorded in Okta, or downloaded in Azure AD configuration, or exported in AD FS configuration, and then copy and paste the content in the text box.
  3. Click Save.
    Note:

    After configuring SSO settings, administrators added from your AD infrastructure or Okta organization can use their AD or Okta account credentials to single sign on to the management console. For details about how to add a user as an administrator, see Administrator and Role.