Ping Identity’s PingOne platform provides the ability to define a SAML-compatible application that can be used for granting access to the Netskope Admin Console. This guide will walk you through the steps for creating a custom application to meet this use case.

Ping does not provide a pre-built application for SAML SSO - a custom application is required Ping One does not support SCIM for User and Group provisioning - you will need Ping Federate with the SCIM SaaS Provisioner integration.

Instructions

Follow the below steps to create the custom SAML integration. The high-level process is to a) define a custom attribute that will contain the Netskope Admin Role; b) create the custom SAML application; and c) configure the Netskope tenant for SSO with Ping One.

1. Login to the Ping console


2. Click on your target Environment

3. Expand Identities and click on Attributes


4. Click the Plus sign to add a new attribute


5. Choose Declared as the Attribute Type and click Next

6. Define the new Attribute
   
   
   
   1. Name = Netskope Admin Role
   
   
   2. Display Name = Netskope Admin Role
   
   
   3. Description = Contains the name of the role the user will have in the Netskope Admin Console (Optional)
   
   
   
   

7. Click Save


8. Add the new Attribute to your user(s)
   
   
   
   1. Navigate to Users
   
   
   2. Click on the target user
   
   
   3. Click the Pencil next to personal Info to edit the user profile
   
   
   
   

4. Scroll to Custom Attributes


5. Click the Add button and choose the Netskope Admin Role attribute

6. Set the value to match the role defined in the Netskope UI - predefined roles with spaces are supported. (Ex: Delegated Admin)

7. Click Save

9. Expand Connections and click on Applications


10. Click the + sign

11. Fill out the following information
    
    
    
    1. Application Name = Netskope Admin Console
    
    
    2. Description = Grant access to the Netskope Admin Console
    
    
    3. Icon = Optional
    
    
    4. Application Type = SAML Application
    
    
    
    

12. Click Configure


13. On the SAML Configuration dialog, select Manually Enter and provide the following details from Settings > Administration > SSO
    
    
    
    1. ACS URL = https://<TENANT>.goskope.com/saml/acs
    
    
    2. Entity ID = Service Provider Entity ID
    
    
    
    

14. Click Save


15. Click on the Configuration tab of the application details and make note of the information - you’ll need this information to complete the setup in the Netskope UI

16. Click on Attribute Mappings in the application details


17. Click the Pencil icon on the right to edit the SAML attributes

18. Add / Edit the following SAML attributes and click Save
    
    
    
    1. saml_subject = Email Address
    
    
    2. admin-role = Netskope Admin Role (custom attribute you built earlier) Required
    
    
    3. emailaddress = Email Address
    
    
    4. givenname = Given Name
    
    
    5. surname = Family Name
    
    
    
    

19. Toggle the application to be enabled

20. In the Netskope tenant, navigate to Settings > Administration > SSO


21. Click on Edit Settings under SSO/SLO Settings


22. Enter the following information
    
    
    
    1. IDP URL = Initiate Single Sign-On URL
    
    
    2. Issuer ID = IDP Entity ID
    
    
    3. IDP Certificate = Download Signing Certificate in CRT format
       
       
       
       1. Open with text editor
       
       
       2. Copy and paste into Netskope dialog
       
       
       
       
    
    
    4. IDP SLO URL = Single Logout Service (Optional)
    
    
    
    


23. Click Submit to save your settings

24. Test the sign-on process
    
    
    
    1. Logout of the Netskope Console or launch an incognito window and go to https://<TENANT>goskope.com. You should be redirected to Ping to login