Question

ADFS Authentication for BYOD for SWG

  • December 13, 2025
  • 1 reply
  • 27 views

I would like to get some clarification on a Netskope SWG + DLP deployment scenario.

We have established a firewall tunnel to the Netskope cloud and integrated ADFS for user authentication. Both corporate-managed devices and BYOD devices (phones and personal laptops) are connected to the same LAN and their traffic is forwarded to Netskope through the tunnel.

My question is regarding BYOD behavior:

  • When ADFS authentication is enabled, are BYOD devices expected to experience browsing or authentication issues?

  • How does Netskope handle user identification and authentication for non-domain-joined devices in this setup?

  • Are there recommended best practices for handling BYOD traffic when using ADFS with a firewall-based forwarding architecture?

Any guidance or real-world experience would be appreciated.

1 reply

notskope
  • New Member III
  • December 16, 2025


  • When ADFS authentication is enabled, are BYOD devices expected to experience browsing or authentication issues?

It depends on whether you are using SSL decryption or not. If you are decrypting SSL traffic through the tunnel, your BYOD devices will not be able to browse HTTPS sites without SSL errors.

  • How does Netskope handle user identification and authentication for non-domain-joined devices in this setup?

Netskope does not care at all whether your devices are AD-joined when steering via an IPSEC/GRE tunnel. Authentication is done via SAML for both (unless bypassed) and uses IP or cookie caching (if you have enabled it).

  • Are there recommended best practices for handling BYOD traffic when using ADFS with a firewall-based forwarding architecture?

I don’t know of anything specific to ADFS, but:

 Both corporate-managed devices and BYOD devices (phones and personal laptops) are connected to the same LAN and their traffic is forwarded to Netskope through the tunnel.

You should really not have managed and unmanaged devices on the same network. One reason is the SSL decryption issue described above. Decrypt the traffic from managed devices and do not decrypt BYOD traffic.
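The SSL-decryption point in the reply comes down to trust stores: a decrypting gateway presents the browser a certificate for the requested site that is signed by the gateway's own private root CA, so a managed device (with that root installed) verifies it and an unmanaged BYOD device (without it) gets a certificate error. The following Go program, added here as an illustration and not code from Netskope or from anyone in the thread, builds such a chain in memory with the standard library and verifies it both ways. All names in it ("Example Gateway Root CA", www.example.com) are constructed for the example; nothing here uses Netskope's actual CA or configuration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// makeCert signs tmpl with signer. When parent is nil the certificate is
// self-signed, which is how a private root CA is created.
func makeCert(tmpl, parent *x509.Certificate, pub any, signer *ecdsa.PrivateKey) (*x509.Certificate, error) {
	if parent == nil {
		parent = tmpl
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// InterceptionChain simulates what a decrypting web gateway presents to a
// browser: a leaf certificate for the requested site, issued on the fly and
// signed by the gateway's private root CA instead of a public CA.
// The CA name and site are constructed for this example.
func InterceptionChain(site string) (root, leaf *x509.Certificate, err error) {
	caKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	now := time.Now()
	caTmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Example Gateway Root CA"},
		NotBefore:             now.Add(-time.Hour),
		NotAfter:              now.Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	root, err = makeCert(caTmpl, nil, &caKey.PublicKey, caKey)
	if err != nil {
		return nil, nil, err
	}
	leafKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	leafTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: site},
		DNSNames:     []string{site},
		NotBefore:    now.Add(-time.Hour),
		NotAfter:     now.Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	// The leaf is signed with the CA key: the gateway, not the real site, vouches for it.
	leaf, err = makeCert(leafTmpl, root, &leafKey.PublicKey, caKey)
	if err != nil {
		return nil, nil, err
	}
	return root, leaf, nil
}

// VerifyAs checks the leaf the way a client does, trusting only the roots in
// its own store. trusted == nil models a BYOD device that never had the
// gateway root installed (an empty pool, not the OS store, is used on purpose).
func VerifyAs(leaf *x509.Certificate, site string, trusted *x509.Certificate) error {
	pool := x509.NewCertPool()
	if trusted != nil {
		pool.AddCert(trusted)
	}
	_, err := leaf.Verify(x509.VerifyOptions{DNSName: site, Roots: pool})
	return err
}

// IsUnknownAuthority reports whether err is the "issuer not trusted" failure
// that a browser surfaces as an SSL certificate error.
func IsUnknownAuthority(err error) bool {
	var ua x509.UnknownAuthorityError
	return errors.As(err, &ua)
}

func main() {
	root, leaf, err := InterceptionChain("www.example.com")
	if err != nil {
		panic(err)
	}
	fmt.Println("managed device (root installed):", VerifyAs(leaf, "www.example.com", root))
	fmt.Println("BYOD device (no root):          ", VerifyAs(leaf, "www.example.com", nil))
}
```

The managed-device check returns no error and the BYOD check returns an `x509.UnknownAuthorityError`, which is exactly the situation the reply describes: as long as BYOD traffic is decrypted in the tunnel, the only fixes are to install the gateway root on those devices (rarely acceptable for personal hardware) or to keep BYOD traffic out of the decryption policy, ideally on its own network segment so the policy can be scoped cleanly.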