Skip to main content

Netskope Help

Configure Google Workspace as the IdP for Browser Access Authentication

This document explains how to configure Google Workspace as your IdP to work with Browser Access to perform authentication in a browser.

Prerequisites

To complete this procedure you need:

  • A basic understanding of SAML, like knowing the relation between the service provider (SP) and the identity provider (IdP).

  • A Google Workspace account. If you don't have one, use these instructionsGo-to-Icon.png to create one.

  • A Private App configured for Browser Access.

For more information about creating a SAML application in Google, go hereGo-to-Icon.png.

Workflow
  1. Get your Google Workspace SSO information

  2. Configure Google Workspace with a customized SAML application

First configure Google Workspace with a customized SAML application, finally end with the connecting of private app in the Clientless way.

Get your Google Workspace SSO Information
  1. Log in to Google WorkspaceGo-to-Icon.png and go to the Security Settings SSO pageGo-to-Icon.png.

  2. Copy the SSO URL and Certificate.

    image2.png
Create a Netskope SAML Reverse Proxy Account
  1. In the Netskope UI, go to Settings > Security Cloud Platform > Reverse Proxy > SAML and click Add Account.

  2. Enter a name and select Private Apps from the Application dropdown list.

    image3.png
  3. Enter your Google Workplace SSO URL and certificate.

  4. Click Save.

  5. Click Network Settings beside the account name.

    image5.png
  6. Copy the ACS URL and Audience URL.

    image6.png
Create a SAML Application
  1. Go back to Google WorkspaceGo-to-Icon.png , click Add App, and then click Add Custom SAML App.

  2. Enter an App Name and click Continue.

    image7.png
  3. On the next page just click Continue.

    image8.png
  4. For ACS URL, enter the ACS URL from the Netskope UI. For Entity ID, enter the Audience URL from the Netskope UI.

  5. Click Finish.

Test Browser Access
  1. In a browser, go to the Public Host address for the Private App configured for Browser Access. To get the Public Host address, go to Settings > Security Cloud Platform > App Definition > Private Apps and click on your private app.

    image9.png
  2. Use the Google Workspace account to authenticate and log in.