Netskope Help

Configure an Enterprise Application in Microsoft Azure Active Directory using SAML
  1. Log in to Azure AD console.

    image7.png
  2. Go to Azure Active Directory > Enterprise Applications. Click New Application.

    image8.png
  3. Search for netskope and select Netskope Administrator Console from the list.

  4. Enter a Name: Netskope SSO and click Add.

    A message will be displayed that the application was added successfully.

  5. Select Single sign-on and then SAML.

    image6.jpeg
  6. Click the pencil icon in the Basic SAML Configuration.

    image7.jpeg
  7. You will need URLs and information from Netskope at this point. Login to your tenant and go to Settings in the bottom of the left panel.

    image8.png
  8. Click Administration and then SSO.

    image9.jpeg
  9. Copy the string from Service Provider Entity ID under the Netskope Settings section. The string should be similar to Cdc7athjXYFU06mul.

    image10.png
  10. In the Azure Portal, paste that string into the Identifier (Entity ID) field:

    image11.jpeg
  11. Copy the URL from the Assertion Consumer Service URL. The URL should be similar to https://<tenantname>.goskope.com/saml/acs

    image12.png
  12. Paste the URL into the field for Reply URL (Assertion Consumer Service URL).

    image13.png
  13. Click the pencil icon for User Attributes & Claims:

    image14.jpeg
  14. Click Add new claim:

    image15.png
  15. This pane is for the user attribute that will be passed to Netskope representing the admin role. Enter admin-role in the Name Field. You have two options for the Source Attribute field:

    1. If you want all users to have the same role then set this to a constant such as “Tenant Admin".

      image16.png
    2. If you want to assign users individual admin roles then set the Source attributed to user.assignedroles. You will need to define the admin roles as described in the section Define Custom Roles for Azure Active Directory Enterprise Application.

      image17.png
  16. Download the SAML Signing Certificate in Base64 format:

    image18.jpeg

    Save this for Step 6 in the next section, Configure SSO Settings in the Netskope UI.