Multi-Factor Authentication for Netskope Admins
Creating Netskope Local Admin Accounts
Most enterprise accounts implement Netskope SSO for management console access. In addition, local accounts are created for emergency access for a variety of business use cases. Multi-factor authentication (MFA) enhances the security of the user log in process by requiring users to provide unique authentication in addition to their regular sign in.
The Netskope platform supports MFA for Netskope admins to log in to the Netskope management console using a local administrator account.
Navigate to Settings > Administration > Admins to view the Admins page.
- Any Local Account type can be enabled for MFA.
- MFA Status column lists the user status: Enabled, Disabled, Pending Registration (user action required).
- Click ellipses > Edit to enable, delete, or reset MFA for a local admin user (requires user to authenticate with email and OTP).
Creating Netskope Local Account Admins
You can create a new admin and enable multi-factor authentication (MFA) for the user (Local Account type only). This is helpful so users cannot reuse/share login credentials.
-
Navigate to Settings > Administration > Admins to view the Admins page.
-
Click New Admin.
-
Select a role.
-
Optionally, enable the MFA toggle. To learn more: Enabling MFA for Netskope Local Accounts
-
Click Save.
Admins List Page
View the Admins List page. You will see the new admin email listed with an orange icon. This icon indicates that this account still needs to be verified. It is enabled once verification is complete.
To complete account verification, Netskope sends two emails to the user. One with an account activation URL.
After the user clicks Activate Account, a second email with a one-time password (OTP) is sent.
The new admin user must click the link to verify their email which consists of changing their temporary password and entering the OTP.
Resend Verification Email
If the user does not receive the email verification or the link expires, click the Resend Verification Email to send a new link.
You can click Resend Verification Email from the orange icon next to the admin’s name.
Optionally, navigate to the admin’s name in the Admins list page > click the ellipses at the end of the row > click Resend Verification Email.
Verification Time Period
Navigate to Admins > Settings to configure the local account verification period. Users will receive a verification link via email when their admin account is created or password is reset for a local account. You can define how long the verification link is valid. The minimum is 15 minutes and the maximum is 72 hours. The default time period is 24 hours.
Enabling MFA for Netskope Local Accounts
- Click ellipses at the end of the local admin account user. The Edit Admin page displays.
- Toggle the Multi-Factor Auth radio button from “Disabled” (default) to “Enabled”.
- The next time the local admin logs in to their account, the admin must re-verify their account. Emails are sent to the email associated with the admin’s Netskope account. To learn more: Admins List Page
Audit Log
Navigate to Settings > Administration > Audit Log to view MFA local account user activity.