Skip to main content
Solved

MFA for Private Apps on AD on-prem environment

  • February 10, 2025
  • 4 replies
  • 87 views
E

If a customer environment only have an AD on-premises for their users, and want to set a MFA whenever their users try to access a private app, can it be configured somehow, or MFA integration witj Netskope is only supported on cloud IdP environments?

Best answer by sshiflett

@ElTetu
 

Your understanding is correct.  NPA and other Netskope services invoke SAML which can then use whatever MFA the administrator chooses.    ADFS may be the best option if they are entirely on premise today but ultimately they will need an IDP with SAML support. 

View original
Did this topic help you find an answer to your question?

4 replies

S
Netskope Employee
Forum|alt.badge.img+16
  • sshiflett
  • Netskope Employee
  • 245 replies
  • February 20, 2025

@ElTetu

NPA authentication is based on SAML integration with your identity provider.   This identity provider can be cloud or on-prem such as ADFS or PingFederate.  Who are you using for MFA today? 

Sam Shiflett | Netskope Solution Architect - North America
E
  • ElTetu
  • Author
  • New Member III
  • 9 replies
  • February 21, 2025

Hi ​@sshiflett 

 

Thanks for your response!

I’m facing an end customer environment where they have multiple sites, with local ADs, but they are not federated (so it’s not really an ADFS solution), they are using only local users.

 

Now they are considering to implement a NPA solution, but they worry that the NPA itself doesn’t have an MFA. I have told them that we can integrate Netskope with some MFA solution, but first of all we would need to authenticate the users with a SAML IdP (to be honest I told them to use a cloud IdP, and did not mention the ADFS)

So that’s when I thought to ask here, if could be possible to integrate a MFA solution on an environment with local authentication (no SAML based). I think it’s not possible, but looking for a confirmation or double check

 

Thanks!

regards

S
Netskope Employee
Forum|alt.badge.img+16
  • sshiflett
  • Netskope Employee
  • 245 replies
  • Answer
  • February 24, 2025

@ElTetu
 

Your understanding is correct.  NPA and other Netskope services invoke SAML which can then use whatever MFA the administrator chooses.    ADFS may be the best option if they are entirely on premise today but ultimately they will need an IDP with SAML support. 

Sam Shiflett | Netskope Solution Architect - North America
E
1 person likes this
  • E
    ElTetu
E
  • ElTetu
  • Author
  • New Member III
  • 9 replies
  • February 24, 2025

Thanks for a good and clear answer as usual ​@sshiflett !

I’ll tell end customer that as expected we would need to authenticate the users with a SAML based solution in order to integrate a MFA service

Reply


Most helpful members this week

Terms & ConditionsCookie settings

Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings