Before you begin configuring single sign-on on the Cloud App Security management console, make sure that:
You have provisioned an Exchange Online, SharePoint Online, or OneDrive service account. For details, see Provisioning Office 365 Services.
You are logged on to the management console as a Cloud App Security global administrator.
The Single Sign-On screen appears.
Identity Provider |
Service URL |
---|---|
Azure AD |
Azure AD Premium edition: Login URL Note:
Cloud App Security no longer supports SSO configuration for the Azure AD Free or Basic edition for security reasons. |
AD FS |
https://example.com/adfs/ls |
Okta |
Identity Provider Single Sign-On URL |
Google Workspace |
https://accounts.google.com/o/saml2/initsso?idpid=example1&spid=example2&forceauthn=false Note:
Replace the variables example1 and example2 in the URL. |
PingOne |
Initiate Single Sign-On URL |
Identity Provider |
Application Identifier |
---|---|
Azure AD |
Azure AD Premium edition: Application ID Note:
Cloud App Security no longer supports SSO configuration for the Azure AD Free or Basic edition for security reasons. |
AD FS |
Relying party trust identifier |
Okta |
Identity Provider Issuer |
Google Workspace |
Entity ID |
PingOne |
Issuer ID |
This field is required for security reasons. Since the Azure AD Free and Basic editions do not support certificates, you are unable to configure SSO for the two editions in Cloud App Security.
After configuring SSO settings, administrators added from your AD infrastructure, Okta organization, Google Workspace, or PingOne can use their AD, Okta, Google Workspace, or PingOne account credentials to single sign on to the management console. For details about how to add a user as an administrator, see Administrator and Role.