
Skyhigh Security

Primary User - Identity Provider

The Identity Provider option allows you to add or update the configurations to enable Single Sign-On (SSO) using your own identity provider. The supported protocol is SAML 2.

NOTES: 

  • If a new SAML configuration is created, or an existing configuration is updated or deleted on the Trellix Identity Provider page, the events are recorded within the audit log (found under Settings > Audit Log). 
  • You must have a Skyhigh User Manager role with Manage access OR a Trellix Account Administrator role to configure SAML and SSO from the Trellix Identity Provider page. To add or edit the user role, see About the Users Page and Primary User - Manage Users, respectively.

 

  1. Click Identity Provider.

  2. On the Identity Provider page, configure the following:
    • Identity Provider. Enter the following information from your IdP (such as Okta).
      You will receive the following information only after creating the application in your IdP.
      • Issuer. This is the Identity Provider Issuer.
      • Certificate. Download the certificate from your IdP and click Choose File to upload it.
      • Login URL. This is the Identity Provider Single Sign On URL.
      • Signature Algorithm. Enter SHA-256. Make sure this matches your IdP.
      • Request Binding. Select HTTP-POST from the menu. Make sure this matches your IdP.
  3. Click Save Changes. 
    Upon saving the configuration, you will be provided with the Audience and Assertion Consumer Service URL under Service Provider (Skyhigh CASB).

NOTE: If you are using the GovCloud environment, you will receive an additional URL, called Assertion Consumer Service Secondary URL, to add to your IdP's SAML settings.

  4. Copy the Audience and Assertion Consumer Service URL to add to your IdP's SAML settings:
    • Service Provider (Skyhigh CASB)
      • Audience. Edit your IdP application's SAML settings to update the Audience URL.
      • Assertion Consumer Service URL. Edit your IdP application's SAML settings to include the Single Sign On URL.
      • Certificate. Download the SP certificate to validate our signature on the SAML request (Authentication).
      • SAML Metadata. Download the SAML metadata. It can be imported into your IdP to configure it automatically.
    • User List. You can include or exclude the user list from SSO.
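
Once both sides are configured, you can confirm that the values agree by capturing the base64 `SAMLResponse` that your IdP posts to the Assertion Consumer Service URL during a test login and comparing it with what you entered. The Python script below is an added example, not Skyhigh code; the function names and the example.com URLs are assumptions, and the sample response is constructed. It checks configuration consistency only and does not verify the signature cryptographically.

```python
import base64
import xml.etree.ElementTree as ET

SAML = "{urn:oasis:names:tc:SAML:2.0:assertion}"
DS = "{http://www.w3.org/2000/09/xmldsig#}"

def check_saml_response(b64_response, issuer, audience, acs_url):
    """List mismatches between a captured SAMLResponse and the configured values.
    Diagnostic only: it does not verify the signature cryptographically."""
    xml = base64.b64decode(b64_response)
    if b"<!DOCTYPE" in xml or b"<!ENTITY" in xml:
        raise ValueError("DTD or entity declarations are not expected in SAML")
    root = ET.fromstring(xml)
    problems = []
    if root.get("Destination") != acs_url:
        problems.append("Destination != Assertion Consumer Service URL")
    issuers = {(e.text or "").strip() for e in root.iter(SAML + "Issuer")}
    if issuers != {issuer}:
        problems.append("Issuer != configured Issuer")
    audiences = {(e.text or "").strip() for e in root.iter(SAML + "Audience")}
    if audience not in audiences:
        problems.append("Audience not present in AudienceRestriction")
    algs = [e.get("Algorithm", "") for e in root.iter(DS + "SignatureMethod")]
    if not algs:
        problems.append("no Signature element found")
    elif not all(a.endswith("-sha256") for a in algs):
        problems.append("Signature Algorithm is not SHA-256")
    return problems

def constructed_response(sig_alg, audience):
    """Constructed sample (not real IdP output); example.com names are placeholders."""
    xml = f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
 xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
 Destination="https://sp.example.com/acs">
 <saml:Issuer>https://idp.example.com/issuer</saml:Issuer>
 <saml:Assertion><saml:Issuer>https://idp.example.com/issuer</saml:Issuer>
  <ds:Signature><ds:SignedInfo><ds:SignatureMethod Algorithm="{sig_alg}"/>
  </ds:SignedInfo></ds:Signature>
  <saml:Conditions><saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
 </saml:Assertion></samlp:Response>"""
    return base64.b64encode(xml.encode())

if __name__ == "__main__":
    cfg = ("https://idp.example.com/issuer", "https://sp.example.com/audience",
           "https://sp.example.com/acs")
    sha1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
    print(check_saml_response(constructed_response(sha1, "https://other.example.com"), *cfg))
```

An empty list means the Issuer, Audience, Assertion Consumer Service URL and Signature Algorithm in the response all match the values passed in.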
