Enabling Netskope before login

RGE_Master
New Contributor

Good afternoon all,

So I've made some great progress on getting Netskope to run so I can access all my network resources etc. when it's up and running. However, I've run into an issue when it comes to doing a remote Hybrid AD join.

The application is packaged up and working.

I can access my domain controllers when not on a VPN through Netskope Private Access.

What I can't do at the moment is domain join machines remotely. Is there a way that I can, for want of a better word, bodge the install or configure it in such a way so I can open network access and then authenticate against my on-prem domain controllers? I read somewhere that you can use NSBranding.JSON or something to enable the configuration, but I can't find any official documentation.

Thanks

RGE_Master

stevej
Netskope

Good morning RGE_Master,

Currently, Private Access only runs as the logged-in user and there is currently no way with the current product to have a tunnel come up prior to login. Do you have a local admin account provisioned on these devices? If so, my suggestion is to log in for the first time with the local admin account, which will allow the NPA tunnel to connect, then do a domain join. Do not reboot, but instead after joining the domain, switch user to a domain user, which will then cache the credentials of the now logged-in domain user.

I would also suggest reaching out to your SE so they can line up a call with the product manager so you can hear of our plans to better address this use case in the coming months.

KunalShah
Netskope

Hello,

We are actively developing a capability in NPA to allow Windows PCs to connect to Domain Controllers without requiring the user to authenticate into the Netskope Client. This would be similar to the Pre-login capability that exists in traditional VPN solutions. Is this something you are interested in learning more about? If so, please DM me or have your account team ping me.

Kunal Shah,

Product Manager,

Netskope Private Access

EleComte
New Contributor II

Hi Kunal,

Our company also would benefit greatly from the pre-login capability for Domain Controller connectivity.

Best regards,

Etienne le Comte

Solution Architect TBI

Hello,

Please send me a DM with your email info. I would like to set up some time to review the solution that is under development.

Kunal

EleComte
New Contributor II

Hi Kunal,

I just sent the DM.

Etienne

chrisisinclair
New Contributor III

We would also be very interested in this

@KunalShah can you help @chrisisinclair? This member is interested in learning more about the pre-login capability for Domain Controller connectivity.  

Julie Brancik Senior Manager, Community Operations

Hi, @chrisisinclair. Welcome to the community! I'm on the community team (not an SME). Let me know if you need any help with the community. Just @mention @JulieB and I can help you to find the right staff to answer your questions. Also, feel free to send me any community feedback through a DM. Thanks again for joining us!

Best,

Julie

Julie Brancik Senior Manager, Community Operations

@chrisisinclair DM me so that we can connect and discuss

jdom
New Contributor II

Can someone here confirm if NPA Pre-Logon is GA yet?

@jdom not yet, still in beta - but works pretty darn well and we're close.  Feel free to DM me if you want to connect to get more info or get your hands on it earlier.

jdom
New Contributor II

We do have access but I can't say with confidence that Pre-Logon is working at all for us.
But I think we may just wait until it is GA before pursuing it again.

@jdom I am the Product Manager for NPA. I would like my team to assist you with pre-logon testing and also review your use case. What is the best way to reach you?

Kunal

jdom
New Contributor II

I will shoot you a DM with details.

Hello @jdom, I hope the call to review the prelogon config was useful. Is prelogon working as expected?

jdom
New Contributor II

Hello @KunalShah,

The call was very informative! However, we've chosen to wait for GA since I recall we discovered we were facing an issue in the Netskope client that would be fixed in the next release.

We have recently moved the entire organization to NPA so Pre-login will be an exciting next step.

@jdom glad to hear this. We will keep you posted on GA.

Hi @KunalShah Any news on the GA for this and also if multiuser mode will be supported?

@AidanH NPA Prelogon is GA starting with Netskope Client 97.1 release. Documentation is available here - https://docs.netskope.com/en/netskope-client-configuration.html#UUID-1e7e72e4-74ef-f041-8dec-ee64a30...

EleComte
New Contributor II

We are also testing NPA with Pre-Login. Works fine, so looking forward to GA.

chrisisinclair
New Contributor III

PreLogin itself has been working well for us, but unfortunately since it is not compatible with MultiUserMode (the "peruser" install flag) we will unfortunately have to wait until it is to deploy out to our fleet.

jdom
New Contributor II

@chrisisinclair What sort of issues are you encountering?

chrisisinclair
New Contributor III

We deploy all Netskope clients in multi user mode (the default is single user). This ensures that the client updates policies and logs traffic under the current logged in user instead of locking a particular machine to the very first user who logs in.

Currently PreLogin does not work with multi user mode (according to their support), so while the IT staff we have tested Pre Login and found it to work well (we confirmed Windows laptops even authenticate against AD with the right settings!), we are not going to enable it until they get it working with multi user.

jdom
New Contributor II

@KunalShah Is the multi user mode truly not supported? We also use mode=peruserconfig in our deployments. Although our devices are usually 'owned' by one primary user, the reality is any other user may log in to a device. This is especially true for our "loaner" laptops and test PCs we have deployed in our office locations around the world.

We were looking forward to GA in July

Multiuser together with prelogon would be an ideal combination for our organisation as well. In basic situations we have 5000+ users with their "own/dedicated" laptop, but we need to be able to change the "user assignment" with on-off-reboarding scenarios.

That is exactly our use case as well - and in addition usually one of our helpdesk staff will log on to the laptop right after being imaged to finish up a few quick tasks before it is deployed to the user - if single user mode is enabled then the laptop unfortunately gets locked to the helpdesk user account. Of course this is no good as whatever user policies are supposed to apply to the end user will not apply (it will apply the users assigned to the helpdesk user).

Siva
Contributor

Hi there, we are interested in PreLogin for peruser mode. Any updates on whether it's in the roadmap?

KunalShah
Netskope

@Siva prelogin with peruser mode is available starting R97.1 NS Client release.

Great, 97.1 supports Prelogon on perusermode.

Couple of questions @KunalShah

  1. Do we need to specify prelogonuser= argument during msi install with 97.1x?
  2. Since Client Configs does not allow the use of the same prelogin account in different Configs, what is the expected behavior when different users associated to different client configs log in to the perusermode configured machine? Would the prelogon account change to the one defined in the client config pulled down by the last logged in user?

Siva
Contributor

@KunalShah is the prelogonuser argument required during install, or is just specifying it in the client configuration enough?
