[HOW-TO] - Configure Tenant SSO with PingOne

ryans
Netskope

Ping Identity’s PingOne platform provides the ability to define a SAML-compatible application that can be used for granting access to the Netskope Admin Console. This guide will walk you through the steps for creating a custom application to meet this use case.

 

Ping does not provide a pre-built application for SAML SSO, so a custom application is required. PingOne does not support SCIM for user and group provisioning; for that you will need PingFederate with the SCIM SaaS Provisioner integration.

 

Instructions

Follow the steps below to create the custom SAML integration. The high-level process is to a) define a custom attribute that will contain the Netskope Admin Role; b) create the custom SAML application; and c) configure the Netskope tenant for SSO with PingOne.

  1. Log in to the Ping console
  2. Click on your target Environment

  1. Expand Identities and click on Attributes
  2. Click the Plus sign to add a new attribute
  3. Choose Declared as the Attribute Type and click Next

 


  1. Define the new Attribute
    1. Name = Netskope Admin Role
    2. Display Name = Netskope Admin Role
    3. Description = Contains the name of the role the user will have in the Netskope Admin Console (Optional)

 


  1. Click Save
  2. Add the new Attribute to your user(s)
    1. Navigate to Users
    2. Click on the target user
    3. Click the Pencil next to personal Info to edit the user profile

 


  1. Scroll to Custom Attributes
  2. Click the Add button and choose the Netskope Admin Role attribute

 


  1. Set the value to match the name of the role defined in the Netskope UI. Predefined roles with spaces are supported (e.g., Delegated Admin).

 


  1. Click Save
  1. Expand Connections and click on Applications
  2. Click the + sign

 


  1. Fill out the following information
    1. Application Name = Netskope Admin Console
    2. Description = Grant access to the Netskope Admin Console
    3. Icon = Optional
    4. Application Type = SAML Application


  1. Click Configure
  2. On the SAML Configuration dialog, select Manually Enter and provide the following details, taken from Settings > Administration > SSO in the Netskope tenant
    1. ACS URL = https://<TENANT>.goskope.com/saml/acs
    2. Entity ID = Service Provider Entity ID


  1. Click Save
  2. Click on the Configuration tab of the application details and make note of the information - you’ll need this information to complete the setup in the Netskope UI

 


  1. Click on Attribute Mappings in the application details
  2. Click the Pencil icon on the right to edit the SAML attributes

 


  1. Add / Edit the following SAML attributes and click Save
    1. saml_subject = Email Address
    2. admin-role = Netskope Admin Role (the custom attribute you created earlier) - Required
    3. emailaddress = Email Address
    4. givenname = Given Name
    5. surname = Family Name

 


  1. Toggle the application to be enabled

 


  1. In the Netskope tenant, navigate to Settings > Administration > SSO
  2. Click on Edit Settings under SSO/SLO Settings
  3. Enter the following information
    1. IDP URL = Initiate Single Sign-On URL
    2. Issuer ID = IDP Entity ID
    3. IDP Certificate = Download Signing Certificate in CRT format
      1. Open with text editor
      2. Copy and paste into Netskope dialog
    4. IDP SLO URL = Single Logout Service (Optional)
  4. Click Submit to save your settings

 

  1. Test the sign-on process
    1. Log out of the Netskope Console or launch an incognito window and go to https://<TENANT>.goskope.com. You should be redirected to Ping to log in.
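
If the test sign-on fails, the following added example (not part of the original guide and not Netskope or Ping code) checks a base64 `SAMLResponse` value captured from your own test login against the ACS URL and attribute names configured above. The function names, the `example` tenant and the sample response are constructed for illustration, and it assumes the response carries a `Destination` attribute.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Attribute names from the mapping step of this guide; only admin-role is marked Required.
EXPECTED = {"admin-role": "required", "emailaddress": "mapped",
            "givenname": "mapped", "surname": "mapped"}

def check_response(b64_response, tenant):
    """Return a list of problems found in a base64 SAMLResponse form value.

    Troubleshooting aid for a response captured from your own test login.
    It does not verify the XML signature.
    """
    root = ET.fromstring(base64.b64decode(b64_response))
    problems = []
    acs = f"https://{tenant}.goskope.com/saml/acs"
    if root.get("Destination") != acs:
        problems.append(f"Destination is {root.get('Destination')!r}, expected {acs!r}")
    name_id = root.findtext(".//saml:Subject/saml:NameID", default="", namespaces=NS)
    if "@" not in name_id:  # saml_subject is mapped to Email Address
        problems.append(f"NameID {name_id!r} is not an email address")
    found = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.iterfind("saml:AttributeValue", NS)]
        found[attr.get("Name")] = [v for v in values if v]
    for name, kind in EXPECTED.items():
        if not found.get(name):
            problems.append(f"{kind} attribute {name!r} is missing or empty")
    return problems

def sample_response(attrs, tenant="example"):
    """Build a constructed, unsigned, minimal response (not real PingOne output)."""
    items = "".join(
        f'<saml:Attribute Name="{n}"><saml:AttributeValue>{v}</saml:AttributeValue>'
        "</saml:Attribute>" for n, v in attrs.items())
    xml = (f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" '
           f'Destination="https://{tenant}.goskope.com/saml/acs"><saml:Assertion>'
           "<saml:Subject><saml:NameID>admin@example.com</saml:NameID></saml:Subject>"
           f"<saml:AttributeStatement>{items}</saml:AttributeStatement>"
           "</saml:Assertion></samlp:Response>")
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    user = {"admin-role": "Delegated Admin", "emailaddress": "admin@example.com",
            "givenname": "Ada", "surname": "Admin"}
    print(check_response(sample_response(user), "example"))
    del user["admin-role"]  # simulates a user without the custom attribute set
    print(check_response(sample_response(user), "example"))
```

An empty list means the response matches the mappings in this guide; a missing `admin-role` usually means the custom attribute was not added to that user's profile.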

 
