Netskope Help

Configure an Enterprise Application in Microsoft Azure Active Directory using SAML
  1. Log in to the Azure AD console.

  2. Go to Azure Active Directory > Enterprise Applications. Click New Application.

  3. Search for netskope and select Netskope Administrator Console from the list.

  4. Enter a Name: Netskope SSO and click Add.

    A message will be displayed that the application was added successfully.

  5. Select Single sign-on and then SAML.

  6. Click the pencil icon in the Basic SAML Configuration.

  7. You will need URLs and information from Netskope at this point. Log in to your tenant and go to Settings at the bottom of the left panel.

  8. Click Administration and then SSO.

  9. Copy the string from Service Provider Entity ID under the Netskope Settings section. The string should be similar to Cdc7athjXYFU06mul.

  10. In the Azure Portal, paste that string into the Identifier (Entity ID) field:

  11. Copy the URL from the Assertion Consumer Service URL. The URL should be similar to https://<tenantname>

  12. Paste the URL into the field for Reply URL (Assertion Consumer Service URL).

  13. Click the pencil icon for User Attributes & Claims:

  14. Click Add new claim:

  15. This pane is for the user attribute that will be passed to Netskope representing the admin role. Enter admin-role in the Name field. You have two options for the Source Attribute field:

    1. If you want all users to have the same role, then set this to a constant, such as Tenant Admin.

    2. If you want to assign users individual admin roles, then set the Source Attribute to user.assignedroles. You will need to define the admin roles as described in the section Define Custom Roles for Azure Active Directory Enterprise Application.

  16. Download the SAML Signing Certificate in Base64 format:


    Save this for Step 6 in the next section, Configure SSO Settings in the Netskope UI.
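
The values entered in steps 10, 12 and 15 can be checked against a SAML response captured from a test login. The following is an added example, not Netskope or Microsoft code: it compares a decoded response with the configured Entity ID, Reply URL and admin-role claim, and it does not verify the signature. The ACS URL and the sample response are constructed placeholders, and the attribute layout is an assumption about how the claim appears in the assertion.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample values: the Entity ID is the page's example string,
# the ACS URL is a placeholder (copy the real one from the Netskope SSO page).
ENTITY_ID = "Cdc7athjXYFU06mul"
ACS_URL = "https://tenant.example.invalid/acs"

# Constructed, unsigned sample response (the decoded SAMLResponse form field).
SAMPLE = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
    Destination="{ACS_URL}">
  <saml:Assertion>
    <saml:Subject><saml:SubjectConfirmation>
      <saml:SubjectConfirmationData Recipient="{ACS_URL}"/>
    </saml:SubjectConfirmation></saml:Subject>
    <saml:Conditions><saml:AudienceRestriction>
      <saml:Audience>{ENTITY_ID}</saml:Audience>
    </saml:AudienceRestriction></saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="admin-role">
        <saml:AttributeValue>Tenant Admin</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def check_response(xml_text, entity_id, acs_url, role_attr="admin-role"):
    """Return a list of mismatches between a SAML response and the configured values."""
    root = ET.fromstring(xml_text)
    problems = []
    # Reply URL: both the Response Destination and the assertion Recipient must match.
    recipients = [e.get("Recipient") for e in root.iterfind(".//saml:SubjectConfirmationData", NS)]
    if root.get("Destination") != acs_url or acs_url not in recipients:
        problems.append("Reply URL mismatch (step 12)")
    # Identifier (Entity ID): must appear as an Audience of the assertion.
    audiences = [(e.text or "").strip() for e in root.iterfind(".//saml:Audience", NS)]
    if entity_id not in audiences:
        problems.append("Identifier (Entity ID) mismatch (step 10)")
    # admin-role claim: the attribute must exist and carry a non-empty value.
    roles = [(v.text or "").strip()
             for a in root.iterfind(".//saml:Attribute", NS) if a.get("Name") == role_attr
             for v in a.iterfind("saml:AttributeValue", NS)]
    if not any(roles):
        problems.append(f"claim {role_attr!r} missing or empty (step 15)")
    return problems


if __name__ == "__main__":
    print(check_response(SAMPLE, ENTITY_ID, ACS_URL) or "configuration values match")
```
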