Network drive access & Auth prompt

  • 8 September 2023
  • 7 replies
  • 20 views

Badge +8

Hi team,

 

I looking for a configuration where the user try to access the prvt apps whenever they tried the user get auth prompt for the Pvt apps only please let me know if it's possible to do so as I'm currently doing one POC so i get this requirement from customer end.

 

Also please let us know the configuration to access network drive with the help of NPA.

The user access the folders like go to THISPC on upper side bar write //x.x.x.10 IP e.g and access the network share folder I want this to acheive by Netskope I do follow the steps of SMB configuration but required a details regarding this please help me out with this configuration.


7 replies

Userlevel 6
Badge +16

Hello @farhan,

 

As I understand it, users are being prompted for authentication when accessing apps over NPA?  I assume this is a Windows environment using kerberos and SSO?  If so, then you must configure both the SMB best practices you referenced and the Active Directory best practices found here. If both of these are configured for a POV and you're still seeing auth prompts, we would need to better understand the environment and it might make more sense to reach out to your local Netskope account team or support.  

Badge +8

Hi @sshiflett 

 

There are two scenarios here 1) the customer wants the auth prompt when user trying to access any prvt apps. Let suppose I try to access perimeter firewall so user get auth prompt to auth (not fw login creds) the basic windows login auth.

Also can we do this necessary to user whenever user turn on laptop they get prompt for internet access by Netskope and for prvt apps as well.

 

2) there is a network drive they access by //xyz (private IP) and this is i beleive SMB so how can I acheive this what port has been used please let me know.

Userlevel 6
Badge +16

Hello @farhan,

 

Scenario 1

Administrators can enable periodic reauth in this case.  This will require the user to authenticate (and MFA) via your identity provider on an interval set by an admin.  They can optionally also require this on logon as well which would include restarts.  The administrator must configure a SAML integration with their identity provider to use this feature.   For more info look here. 

 

Scenario 2

If they want to access the file share (network drive) by SMB via IP address, then you must ensure that you have an app definition with that IP address and TCP 445 defined.  Please ensure it's also assigned in a real time policy to the user trying to access it as well.  You may need to confirm that it's using standard ports.  

Badge +8

Okay so we required SAML and IdP need to be configured for Auth prompt also for internet access (SWG) Do we require the same right 

 

For SMB I need to check in firewall which port has been used for file access.can you give me the list of standard port which supported by NPA.

 

Userlevel 6
Badge +16

NPA supports any TCP or UDP based traffic regardless of port.  For testing, you could allow all ports to the specified IP and capture which ports are in use.  

Badge +8

Thanks @sshiflett 

 

Can you please provide me the proper docs for SAML integration with IdP.

Userlevel 6
Badge +16

The documentation varies by identity provider.  Do you know what Identity Provider is in use?  Keep in mind the reauth uses the same IDP integration as Forward Auth Proxy so if you already have this configured, you will not need to create another integration. 

Reply