Enterprise Browser

Netskope One Enterprise Browser

Overview

The Netskope One Enterprise Browser enables Netskope One SSE services such as SWG (e.g. URL categorization), CASB (control of user activities in the context of the application), as well as threat protection and DLP to be extended to cover corporate users with unmanaged / personal devices, as well as non-employee contractors. Netskope One Enterprise Browser leverages the Netskope One platform, with a single policy engine and admin console.

Netskope One Enterprise Browser also complements Netskope One Data Security with granular in-browser policies for any website the user is browsing. Admins can define in-browser protection policies for any predefined or custom URL category or cloud application.

Netskope One Enterprise Browser allows companies to deliver secure browser-based access to their corporate apps to minimize the risk of data leakage even on untrusted, unmanaged devices:

  • Provide BYOD users and contractors secure access to corporate apps, applying corporate SSE controls via Netskope’s NewEdge
  • Enable M&A users to quickly and easily access your corporate SaaS apps, while reducing the risk of data leaks
  • Elevate the security of your users accessing critical data, even on managed devices

Netskope One Enterprise Browser customers benefit from:

  • Fast time to operationalize by easily extending existing application control policies to BYOD users / contractors
  • Enterprise Browser protection policies apply data protection controls to the browsing experience itself, including activities like copy, paste, and print
  • Hardened browser reduces the risk of data leakage on untrusted devices
  • Self-service process reduces IT overhead by enabling users to easily install and configure the browser and remove it from their endpoint, all without the need for admin intervention
  • The user experience is optimized by relegating enterprise access to a self-contained workspace environment based on the familiar Chrome experience of their personal browser, and is separated from users’ personal browser of choice
  • Application access is simplified and secured by having a corporate applications home page with app links defined by the admin

Configuration Guide

The following sections outline the required steps to set up your tenant for the Netskope One Enterprise Browser (EB).

(Admin) Browser Set Up

Before inviting users to install Enterprise Browser and setting up policies, you must set up the basic configurations for the Enterprise Browser.

Path: Settings → Security Cloud Platform → Enterprise Browser → Browser Setup

  • Set up the identity provider: 
    • Go to the Forward Proxy SAML section to connect your identity provider with Netskope’s Forward Proxy. This allows Netskope to authenticate users of Netskope Enterprise Browser. Select Access Method = “Enterprise Browser”.
  • Set up the Bypass Settings: 
    • Incoming requests from EB are only accepted after the user is authenticated to the customer’s SSO as configured in the previous step.
    • You need to specify your IdP domains to allow user authentication to your SSO. If you do not include your IdP domains in this list, users will not be able to reach your IdP domains to authenticate, and they will not be able to use Enterprise Browser.
    • E.g. if your IdP is Okta, you will need to include: *.okta.com, *.oktacdn.com, each in a separate row.
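The bypass requirement above can be checked before rollout. The following is an added example, not Netskope code: it compares hostnames observed during an SSO sign-in (constructed sample values, including a hypothetical custom sign-in domain) against the planned bypass rows. The wildcard rule it uses is an assumption, since this page does not define how entries are matched.

```python
# Added example: pre-flight check of Enterprise Browser bypass rows against
# the hostnames a user's browser contacts while signing in to the IdP.

def covered_by(host: str, pattern: str) -> bool:
    """Assumed semantics: '*.example.com' matches any subdomain of example.com
    (not the bare domain); any other entry is an exact hostname match."""
    host = host.lower().rstrip(".")
    pattern = pattern.lower().strip().rstrip(".")
    if pattern.startswith("*."):
        suffix = pattern[1:]  # ".example.com"
        return host.endswith(suffix) and len(host) > len(suffix)
    return host == pattern


def uncovered_hosts(login_flow_hosts, bypass_entries):
    """Login-flow hosts that no bypass row covers (sign-in would fail there)."""
    missing = []
    for host in login_flow_hosts:
        if host not in missing and not any(
            covered_by(host, p) for p in bypass_entries
        ):
            missing.append(host)
    return missing


def unused_entries(login_flow_hosts, bypass_entries):
    """Bypass rows that match no login-flow host; review whether they are needed."""
    return [p for p in bypass_entries
            if not any(covered_by(h, p) for h in login_flow_hosts)]


# Bypass rows from the Okta example on this page.
BYPASS = ["*.okta.com", "*.oktacdn.com"]

# Constructed sample: hosts seen in a browser network trace of one sign-in.
SAMPLE_HOSTS = [
    "example-corp.okta.com",
    "static.oktacdn.com",
    "sso.example.com",  # hypothetical custom sign-in domain
]

if __name__ == "__main__":
    print("Not covered by bypass list:", uncovered_hosts(SAMPLE_HOSTS, BYPASS))
    print("Rows matching nothing:", unused_entries(SAMPLE_HOSTS, BYPASS))
```
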

(Admin) User Provisioning

You can invite users to download and install Netskope Enterprise Browser. Configure the style and content of the invitation and installation emails by editing the logo, button color, and templates below.

Path: Settings → Security Cloud Platform → Enterprise Browser → User Provisioning

  • Provisioning Users: click the Invite Users button. Select users, user groups or OUs that you want to onboard to use Netskope Enterprise Browser.

Individual invites will be sent using the Email invitation template. You can edit the template and / or use your company logo.

Notes: 

  1. Inviting a user that has been previously invited will resend the onboarding email. License Key remains the same.
  2. The “Do not send onboarding email” option is used in MDM deployment scenarios, where admins need to provision the user in the Enterprise Browser service before running the MDM script.

(Admin) Setting Up Your First RTP Policy for the Enterprise Browser

You can define your own Real Time Protection (RTP) policies with the Netskope Enterprise Browser.

Path: Policies → Real-time Protection

  • For Web Access Policies: e.g. you can create a policy blocking any traffic to web sites in a certain category (e.g. “News & Media”). Click “New Policy” → “Web Access”.
    • Select Access Method = “Enterprise Browser” to apply these policies to “Enterprise Browser” traffic.
    • Note: Leaving Access Method empty applies the policy to all Access Methods, including EB (e.g. “Client”, “GRE”, “Enterprise Browser”…).
  • For Cloud Apps / DLP Policies: e.g. admins can create policies to control activities in cloud apps and combine them with DLP profiles to prevent data leakage when EB users interact, e.g. blocking downloads of files with sensitive data from Google Drive. Click “New Policy” → “DLP”.

(Admin) Setting Up Your First Browser Control for the Enterprise Browser

You can define Browser Protection policies (copy, paste, print) and enforce them in Netskope Enterprise Browser. 

Path: Policies → Enterprise Browser Control

  • Select the Users or User groups and the destination to which you want to apply the policy. You can create fine-grained policies leveraging Predefined and Custom categories, as well as any cloud application (e.g. create a policy to block copy and print in Google Drive).

Note: In the unlikely event of an error in the processing of the Enterprise Browser Protection Policies, EB will apply the fallback actions defined by the customer under “Settings”.

Path: Policies → Enterprise Browser Control → “Settings”

(User) Onboarding on the Enterprise Browser

1 – Once the admin has provisioned users for the Netskope Enterprise Browser, each user will receive an email with instructions to download and install EB, including the license key. Once downloaded, the user installs the Enterprise Browser, which will be launched automatically.

2 – Once the Enterprise Browser is installed, it will be launched. The user will need to create an Enterprise Browser profile, using the license key included in the email.

Each profile is tied to a specific Netskope tenant. Multiple profiles allow for use cases where a user needs to use Enterprise Browser to interact with different Netskope Tenants: e.g. contractors working for different companies.

Notes: 

  1. Users cannot browse without a browser profile – failure to create a profile will prevent the user from browsing with Enterprise Browser.
  2. Users can use the same license on different devices (e.g. a contractor’s personal and work laptops).

3 – Once the profile is created and the user starts browsing, they will automatically be redirected to your tenant’s SSO page, configured in the previous step.

Netskope relies on the customer’s SSO to authenticate the EB user and allow them to send EB generated traffic through Netskope.

(User) Browsing with the Enterprise Browser

At this point, Netskope Enterprise Browser is up and running. Users can browse to any web page or cloud app. Your Real Time Protection Policies configured previously for “Enterprise Browser” access method will apply: 

  • E.g. if a policy is created to block “News and Media” and you browse to a web site in the “News and Media” category, e.g. cnn.com, you will be notified that the traffic is blocked according to the policy.
  • E.g. if you created a DLP policy to prevent upload of docs with sensitive information, e.g. credit card information, to Google Cloud, the Enterprise Browser will block the upload and you will be notified that the upload is blocked.
  • E.g. if you try to copy / print from a Google Cloud presentation, you will be notified that copying / printing is blocked according to the policy.
