Netskope Client IdP Mode with Okta SCIM and SAML Auth

The following steps show how to configure Netskope IdP with SAML Auth. For information on Okta SCIM integration, see the Netskope OKTA SCIM Provisioning topic.

Getting Okta SignOn URLs and Certificates

  1. Log in to the Okta admin UI and go to Applications > Applications > Netskope SAML app.

  2. Open the “Sign On” tab, and click “More details” under SAML 2.0.

  3. Copy the Sign on URL and Issuer URL, and download the Signing Certificate.

Setup SAML Account in Netskope Tenant

  1. Log in to the Netskope tenant WebUI.

  2. Go to Settings > Security Cloud Platform > Forward Proxy > SAML, and click New Account.

  3. Paste the following details from Okta into the New Account pop-up window:

    • Sign on URL → IDP SSO URL

    • Issuer URL → IDP ENTITY ID

    • Upload the Signing Certificate.

  4. Go to Settings > Security Cloud Platform > Forward Proxy > SAML, click Netskope Settings, and copy the SAML Entity ID and SAML Proxy ACS URL.


Update Netskope SAML App in Okta

  1. Go to the Okta admin UI, open the Sign On tab, and click Edit.

  2. Update the following values copied from Netskope Settings in Netskope tenant WebUI:

    • Paste SAML Proxy ACS URL into SAML ACS URL

    • Paste SAML Entity ID into SAML Entity ID

    • Select Email in Application name format.

Enable New Account in Netskope Admin WebUI

In the Netskope admin WebUI, enable the new account. Go to Settings > Security Cloud Platform > Forward Proxy > SAML, open the new account profile, change STATUS to Enabled, and click SAVE.
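
Before enabling the account, the values exchanged in the steps above can be cross-checked. The following is an added example, not Netskope or Okta code: it assumes the admin has copied the fields from each UI into two dictionaries keyed by the field names used on this page, and all sample values are constructed.

```python
import base64
import hashlib
import re
from urllib.parse import urlsplit

# (Okta field, Netskope field) pairs that must hold the same value after setup.
FIELD_MAP = [
    ("Sign on URL", "IDP SSO URL"),
    ("Issuer URL", "IDP ENTITY ID"),
    ("SAML ACS URL", "SAML Proxy ACS URL"),
    ("SAML Entity ID", "SAML Entity ID"),
]
CERT = "Signing Certificate"  # key name is an assumption of this example

def cert_fingerprint(pem: str) -> str:
    """Return the SHA-256 hex digest of the DER bytes in a PEM certificate."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", pem, re.S)
    if not m:
        raise ValueError("no PEM CERTIFICATE block found")
    der = base64.b64decode("".join(m.group(1).split()), validate=True)
    return hashlib.sha256(der).hexdigest()

def check_mapping(okta: dict, netskope: dict) -> list:
    """Compare both sides field by field and return a list of problems."""
    problems = []
    for okta_key, ns_key in FIELD_MAP:
        a, b = okta.get(okta_key, ""), netskope.get(ns_key, "")
        if not a or not b:
            problems.append(f"{okta_key} / {ns_key}: value missing")
        elif a != b:
            hint = " (whitespace only)" if a.strip() == b.strip() else ""
            problems.append(f"Okta {okta_key} != Netskope {ns_key}{hint}")
    # The two endpoints carry SAML messages and should be https URLs.
    for key in ("Sign on URL", "SAML ACS URL"):
        if urlsplit(okta.get(key, "").strip()).scheme != "https":
            problems.append(f"Okta {key}: not an https URL")
    if cert_fingerprint(okta[CERT]) != cert_fingerprint(netskope[CERT]):
        problems.append("Signing Certificate: fingerprint mismatch")
    return problems

# Constructed sample values (no real tenant; the PEM body is not a real certificate).
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(b"constructed bytes, not a real certificate").decode()
              + "-----END CERTIFICATE-----\n")
SAMPLE_OKTA = {"Sign on URL": "https://idp.example.com/sso/saml", CERT: SAMPLE_PEM,
               "Issuer URL": "urn:example:idp", "SAML Entity ID": "urn:example:sp",
               "SAML ACS URL": "https://tenant.example.com/saml/acs"}
SAMPLE_NETSKOPE = {**{ns: SAMPLE_OKTA[ok] for ok, ns in FIELD_MAP}, CERT: SAMPLE_PEM}
```

An empty list from check_mapping(SAMPLE_OKTA, SAMPLE_NETSKOPE) means every mapped field and the certificate fingerprint agree; swapping the ACS URL and Entity ID on one side is reported as two mismatches plus a non-https endpoint.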
