SAML Authentication with Entra ID
- Log in to the Microsoft Entra admin center: https://entra.microsoft.com
- Go to Applications > Enterprise Applications and click New Application.
- Enter Netskope in the search bar. Select Netskope User Authentication. Enter a name, for example, Netskope Authentication. Click Create.
- After the app is created, you are redirected to the app’s overview page. Select Single sign-on > SAML.
- Click Edit to enter the Basic SAML Configuration parameters.
- Enter the Netskope Entity ID and Netskope ACS URL copied from the Netskope UI in the required fields, and then click Save.
  You will be prompted to test SSO. Select No, I’ll test later.
- Go to the Attributes & Claims section and edit it.
  Delete all the default Additional claims. You only need the Required Claim.
- Select the value to edit the Unique User Identifier (Name ID) field.
- Set the Source attribute to user.mail and click Save.
- user.mail is now set as the claim value for Name ID. Click the x to close this section.
- Download the certificate in Certificate (Base64) format, and copy the Login URL and Azure AD Identifier values. You will enter these later on the Netskope Forward Proxy – SAML settings page.
- Next, assign the users who will log in using Entra ID SAML authentication. Go to Users and Groups > Add user/group.
- Select Users and groups. Select the users, and then click Select.
- Click Assign to complete this procedure.
If you want to use Group assignments, you need at least a Microsoft P2 license. This may not apply in the future if Microsoft updates its software licensing models.
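One way to confirm the settings above after a test sign-in, as an added example that is not Netskope or Microsoft code: it decodes a captured Base64 SAMLResponse and checks the Issuer, Destination, Audience, Name ID form, and that the deleted default claims are gone. The URLs, the all-zero tenant ID, the helper names, and the claim namespace treated as the default Additional claims are assumptions or constructed placeholders.

```python
import base64
import re
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Assumed namespace of the default Additional claims that the procedure deletes.
DEFAULT_CLAIM_NS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
# Constructed placeholders, not real tenant or Netskope values.
EXPECTED = {"idp_identifier": "https://sts.windows.net/00000000-0000-0000-0000-000000000000/",
            "acs_url": "https://sp.example.invalid/acs",
            "entity_id": "https://sp.example.invalid/entity"}

def check_response(b64_response, expected):
    """Return findings ([] = matches the setup). Does NOT validate the XML signature."""
    xml_bytes = base64.b64decode(b64_response)
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        return ["response contains a DTD; refusing to parse"]
    root = ET.fromstring(xml_bytes)
    def text(path):
        node = root.find(path, NS)
        return (node.text or "").strip() if node is not None else ""
    findings = []
    if text("a:Assertion/a:Issuer") != expected["idp_identifier"]:
        findings.append("Issuer differs from the Azure AD Identifier")
    if root.get("Destination") != expected["acs_url"]:
        findings.append("Destination differs from the Netskope ACS URL")
    if text(".//a:AudienceRestriction/a:Audience") != expected["entity_id"]:
        findings.append("Audience differs from the Netskope Entity ID")
    if not re.fullmatch(r"[^@\s]+@[^@\s]+\.[^@\s]+", text(".//a:Subject/a:NameID")):
        findings.append("NameID is not in address form (expected user.mail)")
    for attr in root.iterfind(".//a:AttributeStatement/a:Attribute", NS):
        if attr.get("Name", "").startswith(DEFAULT_CLAIM_NS):
            findings.append("default additional claim still sent: " + attr.get("Name"))
    return findings

def sample(name_id, extra=""):
    """Build a constructed, unsigned response for demonstration only."""
    xml = ('<p:Response xmlns:p="%s" xmlns:a="%s" Destination="%s"><a:Assertion>'
           '<a:Issuer>%s</a:Issuer><a:Subject><a:NameID>%s</a:NameID></a:Subject>'
           '<a:Conditions><a:AudienceRestriction><a:Audience>%s</a:Audience>'
           '</a:AudienceRestriction></a:Conditions><a:AttributeStatement>%s'
           '</a:AttributeStatement></a:Assertion></p:Response>') % (
        NS["p"], NS["a"], EXPECTED["acs_url"], EXPECTED["idp_identifier"],
        name_id, EXPECTED["entity_id"], extra)
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    print(check_response(sample("alice@example.com"), EXPECTED))
```

Replace the EXPECTED values with the Azure AD Identifier, Netskope ACS URL, and Netskope Entity ID from your own setup, and pass the SAMLResponse form value captured from a browser SAML trace.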