SAML Authentication with OKTA

The following section describes the steps to set up SAML authentication via OKTA. Ensure that you have completed the provisioning steps described here [okta provisioning link].

  1. In the newly created Netskope User Enrollment App (Netskope SAML Auth), go to the Sign On tab and click Edit.

  2. Under the SAML 2.0 section, expand More Details, then copy the two URLs and download the certificate listed below. You need all three when creating a new account in SAML Forward Proxy in your Netskope tenant:

    • Sign on URL

    • Issuer URL

    • Signing Certificate (download)

The next set of steps will generate the necessary Netskope SSO URLs and certificate to configure the OKTA Sign on settings.

Generating Netskope SSO URLs and Certificate

  1. In the Netskope tenant WebUI, go to Settings > Security Cloud Platform > Forward Proxy > SAML, and click New Account. Enter the following details from Okta in the New Account pop-up window:

    • Provide a Name

    • Select the appropriate Access Methods this account will apply to.

    • Copy the Sign-on URL from Okta to IDP SSO URL

    • Copy the Issuer URL from Okta to IDP ENTITY ID

    • Upload the Signing Certificate from Okta to IDP Certificate

    • Leave SAML Binding Method as the default, “HTTP Post Binding”.

    • Click Save.

  2. Next to the newly created SAML Forward Proxy account, select Netskope Settings and copy the SAML Entity ID and the SAML Proxy ACS URL.

Update Netskope User Enrollment App in OKTA

  1. In the OKTA admin UI, go to the newly created Netskope User Enrollment App.

  2. Go to the Sign On tab and click Edit.

  3. In the Advanced Sign-on Settings section, update the following fields with the values copied from the newly created Netskope SAML account:

    • Copy the SAML Proxy ACS URL from Netskope to SAML ACS URL

    • Copy the SAML Entity ID from Netskope to SAML Entity ID

    • Application UserName Format: Select either the Okta Username or Email, as long as the value sent matches the primary email address of the user.

  4. Click Save.

Enable New Account in Netskope Admin WebUI

In the Netskope admin WebUI, enable the New Account status.

  1. Go to Settings > Security Cloud Platform > Forward Proxy > SAML, and open the new SAML account.

  2. Change the status to Enabled and click SAVE.
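Once the account is enabled, a captured SAMLResponse from a test login can be checked against the values copied in the steps above. The following is an added example, not Netskope or Okta code: it assumes the standard SAML 2.0 mapping (Okta Issuer URL is the assertion Issuer, SAML Proxy ACS URL is the response Destination, SAML Entity ID is the Audience), and all URLs, names and the sample response are constructed placeholders.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"a": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Constructed placeholder values, not real tenant URLs.
EXPECTED = {
    "idp_entity_id": "http://idp.example.test/issuer",   # Okta Issuer URL
    "acs_url": "https://sp.example.test/saml/acs",       # Netskope SAML Proxy ACS URL
    "sp_entity_id": "sp-entity-id-placeholder",          # Netskope SAML Entity ID
    "primary_email": "alice@example.test",
}

def check_response(b64_response, expected):
    """Compare a base64 POST-binding SAMLResponse with the configured values.
    Diagnostic only: it does not validate the XML signature."""
    root = ET.fromstring(base64.b64decode(b64_response))
    found = {
        "idp_entity_id": root.findtext(".//a:Assertion/a:Issuer", "", NS).strip(),
        "acs_url": root.get("Destination", ""),
        "sp_entity_id": root.findtext(".//a:Audience", "", NS).strip(),
    }
    problems = [f"{key}: got {found[key]!r}, expected {expected[key]!r}"
                for key in found if found[key] != expected[key]]
    # Application UserName Format must yield the user's primary email address.
    name_id = root.findtext(".//a:Subject/a:NameID", "", NS).strip()
    if name_id.lower() != expected["primary_email"].lower():
        problems.append(f"NameID {name_id!r} does not match the primary email")
    return problems

def sample_response(audience, name_id):
    """Build a constructed, unsigned response for demonstration."""
    xml = f"""<p:Response xmlns:p="urn:oasis:names:tc:SAML:2.0:protocol"
        xmlns:a="urn:oasis:names:tc:SAML:2.0:assertion"
        Destination="{EXPECTED['acs_url']}">
      <a:Assertion>
        <a:Issuer>{EXPECTED['idp_entity_id']}</a:Issuer>
        <a:Subject><a:NameID>{name_id}</a:NameID></a:Subject>
        <a:Conditions><a:AudienceRestriction>
          <a:Audience>{audience}</a:Audience></a:AudienceRestriction></a:Conditions>
      </a:Assertion>
    </p:Response>"""
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    bad = sample_response("wrong-entity-id", "alice")  # username, not email
    print(check_response(bad, EXPECTED))
```

An empty list means the Issuer, Destination, Audience and NameID all match what was configured on both sides; each entry otherwise names the field that was copied incorrectly.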
