Azure AD Integration and SSO for Zero Trust Secure Access

Integrate with Azure AD to authenticate access attempts and take action on risky account activity.

Important:

You cannot configure single sign-on (SSO) from multiple IAMs. Ensure that you configure the necessary permissions and SSO on the IAM you want to use for Private Access and Internet Access authentication.

Operations Dashboard and Zero Trust Secure Access both require the data upload permission to ensure certain features function properly. Turning off the data upload permission may prevent secure access policy enforcement and risk analysis.

  1. Go to Zero Trust Secure Access > Secure Access Configuration > Identity and Access Management.
  2. Click Azure AD.
  3. For customers that want to take direct action on risky accounts and authenticate Private Access and Internet Access rules:
    1. In the IAM System Settings panel, click Configure Azure AD in Third Party Integration.

      A new browser tab opens to the Third-Party Integration screen.

    2. In Associated apps, select Zero Trust Secure Access.
    3. In the Zero Trust Secure Access row, click Grant permissions and follow the Azure AD onscreen instructions.
    4. Switch back to the Zero Trust Secure Access browser tab.
    5. In the IAM System Settings panel, toggle On the Policy enforcement permission control.
  4. For customers that only want to authenticate Private Access and Internet Access rules:
    1. In the IAM System Settings panel, click Configure Azure AD in Risk Insights.

      A new browser tab opens to the Operations Dashboard > Data source screen.

    2. In the Data Source panel, toggle On the Data upload permission control, and follow the Azure AD onscreen instructions.
    3. Switch back to the Zero Trust Secure Access browser tab.
  5. Configure your Azure AD SSO settings.