Netskope Help

Reverse Proxy with Okta

This document explains a new way to integrate Okta with the Netskope SAML reverse proxy for a SaaS application, like Salesforce or Office 365. First establish single sign-on (SSO) between Okta and the SaaS application, then configure Netskope to be the SAML reverse proxy. To complete the integration, use an API request to modify the Okta App configuration to override the endpoint URL and use the Netskope SAML reverse proxy instead of the original SaaS application. 

Note

These instructions are for new Okta integrations using the ACS URL Override implemented in 2018.

To watch a video about Neskope Reverse Proxy for Salesforce with Okta, click play.

 
Prerequisites

In order to complete the instructions in this document, you must first:

  • Have existing Okta and SaaS application admin accounts

  • Configure Okta for a Saas application with SAML following Okta's instructions  Setting Up a SAML Application in Okta. While configuring the SaaS application, click View Setup Instructions on the Settings page after adding an application, and then copy the IdP SSO URL, IdP Issuer URL, and certificate. You will need these during this procedure.

  • Establish an SSO connection between the SaaS application and Okta and then verify it works. Refer to the SaaS application's Help documentation for instructions.

Before you begin, download the Postman app. You will need this app (or a similar app) to add the SSO ACS URL override described in this document.