Use Client Re-authentication

Use Client Re-authentication

The Netskope Client can require a user to re-authenticate for access to private apps. IdP federation must be configured to use this feature. The Client and IdP prerequisites are:

  • All users must be authenticated via the IdP and imported into your Netskope tenant. The email address of the user must be available for all IdP authenticated users.
  • Configure your IdP in the Settings > Security Cloud Platform > SAML (under the Forward Proxy section ) in your Netskope Tenant UI. See SAML Forward Proxy for details.
  • Ensure that the URL nsauth-<tenant-URL> is publicly accessible. If not, please reach out to Netskope Support.
  • Re-authentication is configured and enabled on the Netskope Client.

To configure Client re-authentication:

  1. Go to Settings > Security Cloud Platform > Netskope Client > Devices and click Client Configuration. Click New Client Configuration.
  2. On the Tunnel Settings tab, enter a configuration name and select a user group (or OU) from the dropdown.
  3. Enable the Periodic re-authentication for Private Apps checkbox.
  4. Select a time period from the Interval dropdown for how often you want re-authentication to occur.
  5. To allow a user time to re-authenticate after the specified interval time has expired, enable the Grace Period checkbox and enter the amount of minutes. The grace period must be less than the interval.

The Netskope Client menu shows when re-authentication is enabled, and allows you to re-authenticate by clicking that option on the menu.

If the interval expires, the Netskope Client prompts the IdP sign-in window for re-authentication. If the grace period expires, the Netskope Client disconnects from Netskope Private Access.


To customize the authentication frequency, which requires a customization on the IdP, refer to Optimizing Identity Provider Settings for NPA Periodic Re-authentication.

Re-authenticate on Logon

Netskope Private Access supports the ability to force a user to re-authenticate into the Netskope Client if the user’s device has restarted, or if the user logs out of the PC and logs back into the device. Contact Support to enable this functionality in your tenant.

Share this Doc

Use Client Re-authentication

Or copy link

In this topic ...