Netskope Help

Configure Google IdP for Netskope SAML Forward Proxy

This procedure involves using the Netskope UI and Google Console simultaneously, so use separate browser tabs to change between them between some of the steps. Also have a text editor handy with the Netskope SAML settings you copied previously; you'll be copying and pasting some Google settings during this process as well.

  1. Log in to the Google Workspace Admin Console as a Super Administrator.

    image4.png
  2. Click Apps.

    image5.png
  3. Click SAML Apps.

    image6.png
  4. Select Add App > Add custom SAML app

    image7.png
  5. Enter a unique name.

    image8.png

    Optionally you can upload a logo. When finished, click Continue.

  6. Copy the SSO URL and paste in a text editor.

    image9.png
  7. Copy the Entity ID and paste in a text editor.

    image10.png
  8. Copy the Certificate and paste in a text editor.

    image11.png
  9. In the Netskope tenant, go to Settings > Security Cloud Platform > Forward Proxy > SAML

  10. Select Add Account and enter these parameters:

    • Name: Enter a descriptive name.

    • IDP URL: Paste the SSO URL copied from Google.

    • IDP Entity ID: Paste the Entity ID copied from Google.

    • IDP Certificate: Paste the Certificate copied from Google.

    When finished, click Save.

  11. In the Google console, click Continue and enter these parameters:

    • ACS URL: Paste the SAML ACS URL copied from the Netskope UI (in the first section).

    • Entity ID: Paste the SAML Entity ID copied from the Netskope UI.

    image12.png

    Leave everything else as default and select Continue.

  12. On the Attributes page, select Finish.

  13. Ensure Service Status is On for Everyone.

    image13.png
  14. In the Netskope tenant, go to Settings > Security Cloud Platform > Forward Proxy > Authentication and click Enable Authentication.

  15. Activate the Enable toggle, select the SAML Account created in step 10, and then click Save.

    image14.png