Skip to main content

Netskope Help

Netskope Client For Linux

Netskope now inspects traffic from the devices with Linux operating system(OS) and provisions users similar to Windows and macOS. This document describes the steps to install the Client in a Linux device using CLI(Command-Line Interface), how to configure and steer traffic to the Netskope Cloud.


Netskope Cloud Firewall (CFW) and Netskope Private Access (NPA) is not supported on the Linux Client.


Ubuntu 18.04 LTS desktop version and 20.04 LTS desktop version.

Download Linux Client

Before you begin, download the Linux Client from Netskope. Contact Netskope Support to download the Linux installer.

Install A Linux Client

Once you download the Linux Client to the end-user device, perform the following steps to setup Client and connect to the Netskope Cloud:

  1. From your terminal, run the following command: sudo ./

  2. After the installation is complete, a pop-up is displayed to the user to enter the Netskope Tenant name and select the tenant domain. This information is shared with the user by their respective IT admin.

  3. Click Next to continue with enrollment. The user is redirected to their IdP login screen. Authentication status message is displayed in the browser.

  4. Once the user enrollment is complete, you can see the Client icon on the taskbar. Click the Client icon to view the configuration details.

Install Linux Client Through CLI

Use the following command to install and enroll using email ID: sudo ./ -H <tenant hostname> -o <org key> -m <email address>.For example, sudo ./ -H -o abc123xyz -m {-H | --tenant-hostname tenant_hostname}            
             {-o | --orgkey orgKey}            
             {-m | --email email_address}             
             [-a | --enroll-auth-token enroll_authentication_token]          
             [-e | --enroll-encrypt-token enroll_encryption_token]            
             [-c | --cli]
Options:-H --tenant-hostname: Tenant hostname
        -o --orgkey: org key
        -m --email: User email
        -a --enroll-auth-token: enroll authentication token
        -e --enroll-encrypt-token: enroll encryption token
        -c --cli: This is a flag for CLI only mode and no value
                  When this argument is present, UI will not be installed


All arguments mentioned within {} are mandatory.

Use the following command to install and enroll by UPN: sudo ./ -H <tenant hostname> -o <org key>. For example, sudo ./ -H -o abc123xyz. {-H | --tenant-hostname Tenant_hostname}             
             {-o | --orgkey orgKey}           
             [-u | --upn UPN]            
             [-a | --enroll-auth-token enroll_authentication_token]        
             [-e | --enroll-encrypt-token enroll_encryption_token]           
             [-c | --cli]
Options:-u --upn: User UPN


All arguments mentioned within {} are mandatory.

Use the following command to install and enroll by IDP: sudo ./ -i | --idp. {-i | --idp}	 
             [-t | --tenantname tenant_name]
             [-d | --domain tenant_domain]        
             [-e | --enroll-encrypt-token enroll_encryption_token] 
Options:-i --idp: This is a flag with no value. 
                  When this argument is present,installer will enroll by IDP. All other options will be skipped in IDP mode.
        -t --tenantName: tenant name
        -d --domain: tenant domain


All arguments mentioned within {} are mandatory.

Exception For Cert Pinned Application

By adding applications as a Certificate Pinned Application exception, the traffic from such applications is bypassed by Netskope cloud. A pinned app stores the public certificate or key of its destination website and presents it to Netskope cloud. When contacting the destination website / server, Netskope cloud verifies the pinned certificate with the server certificate. If they are validated, Netskope cloud bypasses traffic from the pinned application. For more information, view Certificate Pinned Applications.