Configuring Single Sign-On

The Single Sign-On screen appears.

1. Select Enable SSO.
2. Select the identity provider in Identity Provider.
3. Specify the service URL you recorded when configuring the identity provider.

   Identity Provider	Service URL
   Azure AD	Azure AD Premium edition: Login URL Note: Cloud App Security no longer supports SSO configuration for the Azure AD Free or Basic edition for security reasons.
   AD FS	https://example.com/adfs/ls
   Okta	Identity Provider Single Sign-On URL
   Google Workspace	https://accounts.google.com/o/saml2/initsso?idpid=example1&spid=example2&forceauthn=false Note: Replace the variables example1 and example2 in the URL.
   PingOne	Initiate Single Sign-On URL

4. Specify the application identifier you recorded when configuring the identity provider.

   Identity Provider	Application Identifier
   Azure AD	Azure AD Premium edition: Application ID Note: Cloud App Security no longer supports SSO configuration for the Azure AD Free or Basic edition for security reasons.
   AD FS	Relying party trust identifier
   Okta	Identity Provider Issuer
   Google Workspace	Entity ID
   PingOne	Issuer ID

5. Locate the Base-64 encoded X.509 certificate file you recorded in Okta or Google Workspace, downloaded in Azure AD or PingOne configuration, or exported in AD FS configuration, and then copy and paste the content in the text box.
   Note:

   This field is required for security reasons. Since the Azure AD Free and Basic editions do not support certificates, you are unable to configure SSO for the two editions in Cloud App Security.