Configuring Single Sign-On

Before you begin configuring single sign-on on the Cloud App Security management console, make sure that:

  • You have provisioned an Exchange Online, SharePoint Online, or OneDrive service account. For details, see Provisioning Office 365 Services.

  • You are logged on to the management console as a Cloud App Security global administrator.

  1. Go to Administration > Single Sign-On.

    The Single Sign-On screen appears.

  2. Configure the general settings for single sign-on.
    1. Select Enable SSO.
    2. Select the identity provider in Identity Provider.
    3. Specify the service URL. Depending on which identity provider you configured (Azure AD, AD FS, or Okta), the service URL is also referred to as:

      In Azure AD

      Azure AD Premium edition: Login URL

      Note:

      Cloud App Security no longer supports SSO configuration for the Azure AD Free or Basic edition for security reasons.

      In AD FS

      https://example.com/adfs/ls

      In Okta

      Identity Provider Single Sign-On URL

    4. Specify the application identifier. Depending on which identity provider you configured (Azure AD, AD FS, or Okta), the application identifier is also referred to as:

      In Azure AD

      Azure AD Premium edition: Application ID

      Note:

      Cloud App Security no longer supports SSO configuration for the Azure AD Free or Basic edition for security reasons.

      In AD FS

      Relying party trust identifier

      In Okta

      Identity Provider Issuer

    5. Locate the Base-64 encoded X.509 certificate file that you recorded in Okta, downloaded during Azure AD configuration, or exported during AD FS configuration, and then copy and paste its content into the text box.
      Note:

      This field is required for security reasons. Because the Azure AD Free and Basic editions do not support certificates, you cannot configure SSO for these two editions in Cloud App Security.

  3. Click Save.
    Note:

    After configuring SSO settings, administrators added from your AD infrastructure or Okta organization can use their AD or Okta account credentials to single sign on to the management console. For details about how to add a user as an administrator, see Administrator and Role.
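
A local pre-flight check for the three values entered in step 2 (service URL, application identifier, certificate text), run before pasting them into the console. This is an added example, not part of the product documentation. The function names, the HTTPS requirement, and the assumption that the certificate file is PEM-armored (BEGIN/END CERTIFICATE lines) are assumptions of this example, and SAMPLE_PEM is a constructed placeholder, not a real certificate.

```python
import base64
import hashlib
import re
from urllib.parse import urlparse

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)
# Constructed sample: a 5-byte DER SEQUENCE in PEM armor, not a real certificate.
SAMPLE_PEM = "-----BEGIN CERTIFICATE-----\nMAMCAQA=\n-----END CERTIFICATE-----\n"


def der_sequence_ok(der: bytes) -> bool:
    """True if der is exactly one ASN.1 SEQUENCE (the outer shape of a certificate)."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    if der[1] < 0x80:                          # short-form length
        header, length = 2, der[1]
    else:                                      # long-form length
        n = der[1] & 0x7F
        if n == 0 or n > 4 or len(der) < 2 + n:
            return False
        header, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    return header + length == len(der)         # not truncated, no trailing bytes


def check_sso_fields(service_url: str, app_id: str, cert_text: str) -> dict:
    """Check the three values before pasting; returns errors and the SHA-256 fingerprint."""
    errors, fingerprint = [], None
    url = urlparse(service_url.strip())
    if url.scheme != "https" or not url.netloc:    # assumption: the IdP endpoint is HTTPS
        errors.append("service URL is not an absolute https:// URL")
    if not app_id.strip():
        errors.append("application identifier is empty")
    blocks = PEM_RE.findall(cert_text)
    if any("PRIVATE KEY" in label for label, _ in blocks):
        errors.append("text contains a private key; paste only the certificate")
    certs = [body for label, body in blocks if label == "CERTIFICATE"]
    if len(certs) != 1:
        errors.append(f"expected exactly 1 CERTIFICATE block, found {len(certs)}")
    else:
        try:
            der = base64.b64decode("".join(certs[0].split()), validate=True)
        except ValueError:                         # bad alphabet or padding
            der = b""
        if der_sequence_ok(der):
            fingerprint = hashlib.sha256(der).hexdigest()
        else:
            errors.append("certificate body is not intact Base-64 DER")
    return {"errors": errors, "sha256": fingerprint}
```

The returned fingerprint lets you confirm that the pasted text is the same certificate you exported, by comparing it with a fingerprint computed from the original file.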