Netskope Help

SAML Forward Proxy

This feature is a mode of Netskope's forward proxy. Enabling it lets you deploy Netskope while continuing to use your current SAML deployment for authentication. You can use Netskope as an authentication mode to integrate with an Identity Provider (IdP).

Enable SAML Forward Proxy

The SAML Forward Proxy must be configured with the Assertion Consumer Service (ACS) URL, IdP URL, and IdP Certificate by following this procedure.

  1. Go to Settings > Security Cloud Platform > Forward Proxy > SAML. The SAML Entity ID and the SAML Access URL are listed here for your reference, along with a button to download the SAML certificate.

    • SAML Entity ID: Unique name for your SAML entity that identifies Netskope as the issuer of the SAML request, response, and assertion.

    • SAML Access URL: The SAML URL that supports HTTP POST binding that Netskope uses to allow users to sign in.

    • Download SAML Certificate: Click the link to download the certificate.

  2. Click Add Account. The Add SAML Account window opens.

  3. Configure these parameters:

    • Name: Enter a name identifying the account.

    • IdP URL: Contact your third-party Identity Provider and add the unique IdP login URL in this field.

    • IdP Entity ID: An entity ID is a globally unique name for a SAML entity, either an Identity Provider (IdP) or a Service Provider (SP).

    • IdP Certificate: Copy and paste the PEM-format certificate of the third-party IdP into this field. Netskope requires it to validate the signature of the SAML assertion.

    • Alternate User ID Field: Netskope looks at the NameID field in the SAML assertion to get the user identity. If you would like to use another field for user identification, type the name of the SAML attribute in this field.

    • Group Attribute: Specifies the name of the group membership attribute. Only one membership attribute can be defined for each LDAP repository.

  4. Click Save.
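
Before typing attribute names into Alternate User ID Field and Group Attribute, it helps to check what your IdP actually puts in the assertion. The following Python sketch is an added example, not Netskope code: it reads a decoded assertion and reports the Issuer (to compare with IdP Entity ID), the user identity and the groups that a given choice of field names would select. The sample assertion, the attribute names email and memberOf, the function names, and the rule that the alternate attribute must carry exactly one value are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion: unsigned, all values invented for illustration.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed" Version="2.0">
  <saml:Issuer>https://idp.example.com/metadata</saml:Issuer>
  <saml:Subject>
    <saml:NameID>a1b2c3d4</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="email">
      <saml:AttributeValue>alice@example.com</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="memberOf">
      <saml:AttributeValue>Finance</saml:AttributeValue>
      <saml:AttributeValue>VPN-Users</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

def attribute_values(assertion, name):
    """Return every AttributeValue text of the SAML attribute called `name`."""
    return [(v.text or "").strip()
            for a in assertion.iterfind("saml:AttributeStatement/saml:Attribute", NS)
            if a.get("Name") == name
            for v in a.iterfind("saml:AttributeValue", NS)]

def preview_identity(xml_text, alt_user_attr=None, group_attr=None):
    """Report which issuer, user and groups a field configuration would select."""
    # Inspection only: this does not verify the assertion signature.
    assertion = ET.fromstring(xml_text)
    issuer = assertion.findtext("saml:Issuer", default="", namespaces=NS).strip()
    user = assertion.findtext("saml:Subject/saml:NameID", default="", namespaces=NS).strip()
    if alt_user_attr:
        found = attribute_values(assertion, alt_user_attr)
        if len(found) != 1:  # assumption: an identity attribute must be single-valued
            raise ValueError(f"{alt_user_attr!r} has {len(found)} values, expected 1")
        user = found[0]
    if not user:
        raise ValueError("assertion carries no usable user identity")
    groups = attribute_values(assertion, group_attr) if group_attr else []
    return {"issuer": issuer, "user": user, "groups": groups}

if __name__ == "__main__":
    print(preview_identity(SAMPLE_ASSERTION, "email", "memberOf"))
```

With the alternate field left empty, the opaque NameID a1b2c3d4 is reported as the user; an attribute name the IdP does not send (for example mail instead of email) raises an error.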