How to Configure SAML 2.0 for Netskope

Read this before you enable SAML

Enabling SAML will affect all users who use this application, which means that users will not be able to sign-in through their regular log-in page. They will only be able to access the app through the Okta service.

Backup URL

To bypass the SSO use the https://[your-subdomain].goskope.com/locallogin URL.

Supported Features
Configuration Steps
Notes

Supported Features

The Okta/Netskope SAML integration currently supports the following features:

SP-initiated SSO
IdP-initiated SSO
JIT (Just In Time) Provisioning

For more information on the listed features, visit the Okta Glossary.

Configuration Steps

Login to your Netskope account as an administrator.
Click Settings in the bottom left corner:
Navigate to Administration > SSO:
In the Netskope Settings section make a copy of the Service Provider Entity Id value:
In the SSO/SLO Settings section click EDIT SETTINGS, then follow the steps below:
- Select Enable SSO and Sign SSO Authentication Request options.
- IDP URL: Copy and paste the following:
  
  Sign into the Okta Admin Dashboard to generate this variable.
- IDP ENTITY ID: Copy and paste the following:
  
  Sign into the Okta Admin Dashboard to generate this variable.
- IDP CERTIFICATE: Copy and paste the following:
```
Sign into the Okta Admin Dashboard to generate this variable.
```
- Click SUBMIT:
In Okta, select the Sign On tab for the Netskope SAML app, then click Edit:
- Enter your Service Provider Entity Id value you made a copy of in step 4 into the corresponding field.
- Click Save:
Optional: Group Attribute Steps: To send groups as a part of SAML assertion, in Okta select the Sign On tab for the Netskope app, then click Edit.
- Select the appropriate filter from the drop-down menu, then type the preferred value into the field.
- Click Save.
  
  Note: To send all groups a user is assigned to, select Regex and type .* (dot and star sign).
Done!

Notes

Make sure that you entered the correct value in the Subdomain field under the General tab in Okta. Using the wrong value will prevent you from authenticating via SAML to Netskope. Supported formats are:
- tenant.eu
- tenant.fr
- tenant.de
- tenant.<etc>

The following SAML attributes are supported:

Name	Value
admin-role	This is configured in the app UI; see Group attribute instructions (step 7) above.

SP-initiated SSO

Go to: https://[your-subdomain].goskope.com URL.

How to Configure SAML 2.0 for Netskope

Contents

Supported Features

Configuration Steps

Notes

SP-initiated SSO