SAML Client Profile

SAML Client Profile

The Client SSO integration allows organizations to enforce steering cloud application traffic to Netskope Cloud for very precise and granular analysis. In scenarios where the Netskope Client is not present or disabled on the end user’s device, the user is redirected from the Single Sign On (SSO) portal to a location from where the user can download the Netskope Client or request for the Client.

Create Enterprise Application

To create an enterprise application:

  1. Log into Microsoft Azure.

  2. Go to Microsoft Entra ID > Manage > Enterprise Applications.

  3. Click +New Application.

  4. Click Create your own application.

  5. In Create your own application, perform the following:

    1. Add Netskpe Client in What’s the name of your app?

    2. Continue with the default option Integrate any other application you don’t find in the gallery (Non-gallery) in What are you looking to do with your application?

    3. Click Create.

Setup Single Sign On

After you complete creating your application, proceed to set up a single sign on. In the Overview page, click Set up single sign on under Getting Started.

To set up single sign on:

  1. Click Set up Single Sign On > SAML.

  2. In Set up Single Sign-On with SAML, click the edit icon for Basic SAML Configuration.

  3. In the Basic SAML Configuration window, enter the following:

    • Identifier(Entity ID)

    • Reply URL(Assertion Consumer Service URL)

  4. Click Save.

  5. Under SAML Certificates, download the certificates in the Base64 format.

Assign the Enterprise Application

Assign the enterprise application to the desired users and groups using the following instructions:

  1. Go to Manage > Users and groups.

  2. Click +User/group.

  3. Assign users and groups to the application.

  4. Click Assign.

Netskope SAML Account Configuration

To configure account in the Netskope tenant, perform the following:

  1. Go to Settings > Security Cloud Platform > Netskope Client > SAML.

  2. Click New Account.

  3. In the New Account window, enter the following details:

    • Name: Enter a name for the app.

    • Application: Microsoft Accounts.

    • ACS URL: The Microsoft Entra Identifier. Paster the identifier from the Entra admin center.

    • IdP SSO URL: Paste the Login URL copied from the Entra admin center.

    • IdP Certificate: Paste the contents of the SAML Signing Certificate downloaded from the Entra admin center.

  4. Click Save and View Netskope Settings.

    After you review the Netskope Settings, copy and paste the SAML Proxy IdP URL and SAML proxy ACS URL in the Identifier and Reply URL fields respectively in the Basic SAML Configuration.

View Netskope Client

After completing the entire configuration, the user can now see Netskope Client added in their SSO.

Share this Doc

SAML Client Profile

Or copy link

In this topic ...