Single Sign-on (SSO) provides the ability to create and apply access policies to login activities. This ability enables more fine-grained access control over login activities for the onboarded cloud applications in your enterprise.

Secure Cloud Access supports this feature by providing an IdP proxy entity. You can activate this feature by setting up the Secure Cloud Access IdP proxy to be part of the SSO flow in your enterprise.

Setting up the Secure Cloud Access IdP proxy includes the following components:

• Identity provider (IdP) - The identity provider of your choice (for example, Okta, Ping Identity, and so on)
• Service provider (SP) - The cloud service provider on which you want to apply login policies.

• IdP proxy routing - The Secure Cloud Access component that serves as an intermediary between the cloud (SP) and the IdP.

  Before setting up an IdP proxy in Secure Cloud Access, you should have an SSO set up in your enterprise and have confirmed that it works. Then, you can create SSO providers representing IdP and SP(s) in Secure Cloud Access and create IdP proxy routing that associates an IdP to one or more SPs.