Netskope Help

Update the ACS Override URL in Okta
  1. Now we have to change the ACS override URL in OKTA. Download the postman application. https://www.getpostman.com/ Install it on your machine, we are going to use this to update the ACS URL.

  2. Before we do that, we need to create a token API key in OKTA. Go to your OKTA console, click on API under Security.

    image13.jpeg
  3. Click on Tokens and next create Token.

    image14.jpeg
  4. Enter a name for the token, on the next screen make sure to copy the token somewhere. You cannot retrieve it back after you close the window.

  5. Next go to postman, on the GET request URL, put in your OKTA URL https://dev- 834381.okta.com/api/v1/apps/<app ID> < your URL and app ID will be different as the dev ID is different. APP ID can be retrieve from OKTA

  6. Go back to OKTA and click on applications > G Suite. The red rectangle is your APP ID, copy and replace in the URL above. It will look like this > https://dev- 834381.okta.com/api/v1/apps/0oansashpbqVf8NZy356

    image15.jpeg
  7. Next we need to configure some parameters in postman. Go to Headers, add in Authorization key, the key value is the value you have copied in step 9 above. Append SSWS before that and put it in the value. Next add in content-type – application/json and Accept – application/json

    image16.png
  8. Next hit the send button, if everything is correct, you will get the return results.

    image17.jpeg
  9. Copy the main body, we are going to paste the json in a PUT request. Change the GET to PUT then go to Body and select RAW, paste what you have copied there.

    image18.jpeg
  10. The next thing we need to do is to amend the value of “ssoAcsUrlOverride”

  11. Go back to postman > find the entry “ssoAcsUrlOverride”, we are going to paste the SAML Proxy ACS URL with double quotes.

    image20.jpeg
  12. Click on Send, if everything is done correctly, you will get a return respond at the bottom. Check and make sure the entry is there and it is correct.

  13. That’s it, next test the login from OKTA login page or accounts.google.com page.