Ask the community

Netskope Client with Azure AD Conditional access

New Contributor

Has anyone have a setup where you roll out Netskope client to all your endpoints and configure Azure AD conditional access to allow connections to Microsoft services if they come via Netskope IP?


we are doing this as part of our own ZTNA setup to only allow trusted devices/location. 


The setup works well with one minor problem. Netskope will have occasionally tunnel down/up (e.g. switching from LAN/docked to Wifi, etc) and that causes netskope to disabled momentarily before re-enabling again. (which means momentarily it shows attempting connection from non netskope IP)


This then lead to services e.g. teams, outlook etc require authentication immidiately which is not the best end user experience. 


Has anyone encounter this and able to suggest solution/workaround? I dont want to change trusted location to country based as that defeat the purpose of the ZTNA we are doing.

2 Replies 2

Hello @TjhiaS,

What function of AzureAD Conditional Access is causing the immediate authentication attempt?  We might want to look at tuning the authentication timers or other options.  

Sam Shiflett
Netskope Solution Architect - North America
New Contributor

We solved this ourselves in the end through different mechanisms but achieving same result. 


Netskope client will always have a momentarily disconnection if network is switching. If conditional access is set to only allow netskope IP and no other IP, then outlook, teams, onedrive will fail instantly and have pop up for re-authentication request.



In order to view this content, you will need to sign in to your account. Simply click the "Sign In" button below

Sign In