Netskope Help

Configure an Enterprise Application in Microsoft Azure Active Directory for SAML Auth
  1. Login to the Microsoft Azure portal https://portal.azure.com

    image3.png
  2. Go to Azure Active Directory > Enterprise Applications > All Applications and click New application.

    image4.png
  3. Enter Netskope in the search bar. Select Netskope User Authentication. Enter a name, like Netskope FP SAML Auth, (for example). Click Create.

    image5.png

    Note

    If you are still using the old app gallery experience, then:

    1. Select Netskope User Authentication.

    2. Enter a name, like Netskope FP SAML Auth, (for example).

    3. Click Add.

      image6.png
  4. Select Single sign-on > SAML.

    image7.png
  5. Click Edit to enter the Basic SAML Configuration parameters.

    image8.png
  6. Enter Netskope Entity ID and Netskope ACS URL copied from the Netskope UI in the required fields, and then click Save.

    image9.png
    image10.png
    image11.png

    Click on the x icon to close SAML section.

  7. You will be prompted to test SSO. Select No, I’ll test later.

    image49.png
  8. Go to and edit User Attributes & Claims section.

    image13.png

    Delete all the default Additional claims. You only need the Required Claim.

  9. Select the value to edit the Unique User Identifier (Name ID) field.

    image11.png
  10. Set the Source attribute as user.mail and click Save.

    image12.png
  11. user.mail is set as the claim value for Name ID. Click on the x to close this section.

    image13.png
  12. Download the certificate in Certificate (Base64) format, and copy the Login URL and Azure AD Identifier values. These need to be entered into the Netskope Forward Proxy - SAML settings page later on.

    image17.png
  13. Next assign users who will log in using the Azure SAML Auth.

    Go to Users and groups > Add user/group.

    image18.png
  14. Select Users and groups.

    Select the users, and then click Select.

    image16.png
  15. Click Assign.

    If you want to use Group assignments, then you need at least a Microsoft P2 license or above. This may not apply in the future if Microsoft updates their software licensing models.

    image17.png
  16. The User has been successfully assigned to the SAML Auth application.

    image21.png
  17. Log off the Azure portal.