Netskope Help

Reverse Proxy as a Service Overview

This document describes the process for configuring Netskope and Azure AD to provide an option for unmanaged devices to be redirected to the Netskope platform, which helps organizations ensure that any access from unmanaged devices is blocked unless the connections are steered by Netskope's RaaS.


Reverse Proxy as a Service is designed to be used on devices without the Netskope Client, and devices not steered to an on-premise Secure Forwarder virtual appliance (VA) or data plane on-premises (DPOP) appliance.


The SP-initiated flow is not supported for Reverse Proxy as a Service. This is by design. The only way to access O365 using reverse proxy with the IdP is by first logging into and using the Reverse Proxy app. This flow will require you to authenticate twice.


To use Netskope's Reverse Proxy as a Service, you need an Azure admin account with a P1 or higher license.


Configuring Netskope's Reverse Proxy as a Service for O365 apps includes these primary steps:

  1. Create the RaaS app.

  2. Test the RaaS app.

  3. Configure the conditional access policy.

  4. Validate the conditional access policy.

To watch a video about Netskope Reverse Proxy as a Service with Azure AD, click play.