Hi

I have configured a new NPA browser access for an end customer and we cannot make it work and I don’t know what’s failing, hope any of you can help me.

I have configured the reverse proxy account on the Netskope tenant, as well as the Azure AD Enterprise application. On the Netskope tenant I have also configured a new private application with browser access enabled, and a real-time policy that allows the users that are also added to Azure’s Netskope application to access the private application.

When we tested the solution by accessing the application via browser, typing the “public hostname” of the private application as the URL, it was redirected to Azure to authenticate the user, and the authentication works fine.

After authenticating the user, the browser is then redirected and we can see that it is finally redirected to the customer private host FQDN (which is not published on the Internet), so users can only access the application via browser access when they are on-premise and using the company DNS, but not when they are off-premise.

I have checked the configuration several times and I don’t see where the problem can be… Could you help me identify what’s happening?

Thanks in advance

Regards

Hello @ElTetu,


It sounds like the application may be using a hard-coded redirect back to the application URL, which is currently not published externally. This might be due to the authentication flow of the app itself or a redirect within the app itself. Is the domain it’s configured with internally also available externally? If so, they can evaluate using the custom hostname method and a CNAME redirect in their external DNS, referenced here:

https://docs.netskope.com/en/netskope-help/data-security/netskope-private-access/private-app-management/configure-browser-access-for-private-apps/

This will ensure that even with the redirect the app functions properly. If you’d like a deeper discussion of how this would work, or to verify this would resolve the issue, I’d suggest reaching out to your local Sales Engineer or Channel Sales Engineer.
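
One way to locate the hop the reply above describes, as an added example that is not part of the original thread or of Netskope's tooling: record the redirect chain (for instance from the browser's network tab) and flag the first `Location` that leaves the published hostname. All hostnames, paths and the sample chain are constructed placeholders; `login.microsoftonline.com` is assumed as the Azure AD sign-in host.

```python
from urllib.parse import urljoin, urlsplit

# Placeholder for the Browser Access "public hostname" (assumption, not from the thread).
PUBLIC_HOST = "app-public.example.net"
# Hosts a redirect may legitimately land on: the published app and the IdP.
ALLOWED_HOSTS = {PUBLIC_HOST, "login.microsoftonline.com"}

# Constructed sample: (status, request URL, Location header) for each hop.
SAMPLE_CHAIN = [
    (302, "https://app-public.example.net/",
          "https://login.microsoftonline.com/constructed-tenant/saml2"),
    (302, "https://login.microsoftonline.com/constructed-tenant/saml2",
          "https://app-public.example.net/acs"),
    (302, "https://app-public.example.net/acs", "/start"),  # relative redirect
    (302, "https://app-public.example.net/start",
          "https://intranet.corp.example/home"),            # internal-only FQDN
    (200, "https://intranet.corp.example/home", None),
]


def find_escaping_redirects(chain, allowed_hosts):
    """Return every 3xx hop whose Location resolves to a host outside allowed_hosts."""
    findings = []
    for index, (status, request_url, location) in enumerate(chain):
        if not 300 <= status < 400 or not location:
            continue
        # Resolve relative Location values against the URL that returned them.
        target = urljoin(request_url, location)
        host = (urlsplit(target).hostname or "").lower()
        if host not in allowed_hosts:
            findings.append({
                "hop": index,
                "issued_by": urlsplit(request_url).hostname,
                "redirects_to": host,
                "target": target,
            })
    return findings


if __name__ == "__main__":
    for f in find_escaping_redirects(SAMPLE_CHAIN, ALLOWED_HOSTS):
        print(f"hop {f['hop']}: {f['issued_by']} -> {f['redirects_to']} ({f['target']})")
```

The `issued_by` host of the first finding shows which response carries the absolute internal URL, which is the component (application or an intermediate proxy) whose redirect needs correcting.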



Hi @sshiflett 

Thanks for your response and help!

Yes, after talking with the customer they told me that the applications that had this problem were located behind an internal proxy not related to Netskope. When they tried the same configuration and settings of the Browser Access with an application that’s not behind that proxy, it works fine, so it seems that this redirection is something that happens within their network.

Thank you!

Regards
