SSO Access for Netskope Support

SSO Access for Netskope Support

The Cloud Exchange has recently introduced support for additional Single Sign-On (SSO) options. This new functionality allows Netskope Support to efficiently troubleshoot your environments with the new SSO options. By leveraging these SSO options, the Support engineers can access customer environments without requiring their login credentials, ensuring a more secure and streamlined troubleshooting experience.

If Cloud Exchange is deployed on-premises, you may need to grant Support access to your instance to configure additional SSO options. This ensures a smooth configuration process, and enables Support to efficiently troubleshoot any issues. Netskope recommends that you provide detailed instructions or remote access to their instance to facilitate the configuration process.

Configure SSO in Cloud Exchange

  1. Log in to Cloud Exchange.
  2. Go to Settings > Users > SSO Configurations.
  3. Enable the SSO toggle.
  4. Make a note of these SSO Configurations.
    Cloud Exchange FieldExample (http://10.50.3.24/)
    Service Provider Entity IDhttp://10.50.3.24/api/metadata?sre=true
    Service Provider ACS URLhttp://10.50.3.24/api/ssoauth?acssre=true
    Service Provider SLS URLhttp://10.50.3.24/api/slslogout

    You need to add sre as additional parameters in value.

  5. Copy these variables. You need to add all these variables in the docker-compose.yml file.
    Environment VariablesDescription
    SRE_IDP_IDENTITY_IDIdentity Provider Issuer ID
    SRE_IDP_SSO_URLIdentity Provider single sign on URL.
    SRE_IDP_SLO_URLIdentity Provider single logout URL.
    SRE_IDP_X509_CERTPublic x509 Certificate
  6. Run these commands to set environment variables.
    1. Go into the existing ta_cloud_exchange directory.
    2. Stop the CE containers.

      $ ./stop

    3. Open the yml file to set up environment variables.

      Linux: $ vi docker-compose.yml

      Redhat: $ sudo vi podman-compose.yml

    4. Put the environment variables into core service in the yml file.

      core:

      image: index.docker.io/${CORE_TAG}

      environment:

      SRE_IDP_IDENTITY_ID=<value>

      SRE_IDP_SSO_URL=<value>

      SRE_IDP_SLO_URL=<value>

      SRE_IDP_X509_CERT=<value>

    5. Save the file.
  7. Start the CE Services:

    $ ./start

The Netskope Support now has the ability to access your Cloud Exchange through the /netskopesso endpoint using SSO.

Configure Force Authentication

  1. Go to Settings > Users > SSO Configurations.
  2. If toggle is enabled, the user will be forced to re-authenticate on every login of CE, even if they have a valid session.
Share this Doc

SSO Access for Netskope Support

Or copy link

In this topic ...