Netskope Community
-
Forums
ProductsCommunity Resources
-
Learn
Education, Training, Certification, and Thought LeadershipCommunity Resources
-
Groups
Community GroupsCommunity Resources
-
Events
Community Resources
- Support
- Netskope Community
- Products
- Private Access
- Netskope Client with Azure AD Conditional access
Netskope Client with Azure AD Conditional access
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-05-2023 06:00 PM
Has anyone have a setup where you roll out Netskope client to all your endpoints and configure Azure AD conditional access to allow connections to Microsoft services if they come via Netskope IP?
we are doing this as part of our own ZTNA setup to only allow trusted devices/location.
The setup works well with one minor problem. Netskope will have occasionally tunnel down/up (e.g. switching from LAN/docked to Wifi, etc) and that causes netskope to disabled momentarily before re-enabling again. (which means momentarily it shows attempting connection from non netskope IP)
This then lead to services e.g. teams, outlook etc require authentication immidiately which is not the best end user experience.
Has anyone encounter this and able to suggest solution/workaround? I dont want to change trusted location to country based as that defeat the purpose of the ZTNA we are doing.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-05-2023 11:15 AM
Hello @TjhiaS,
What function of AzureAD Conditional Access is causing the immediate authentication attempt? We might want to look at tuning the authentication timers or other options.
Sam Shiflett
Netskope Solution Architect - North America
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-05-2023 08:36 PM
We solved this ourselves in the end through different mechanisms but achieving same result.
Netskope client will always have a momentarily disconnection if network is switching. If conditional access is set to only allow netskope IP and no other IP, then outlook, teams, onedrive will fail instantly and have pop up for re-authentication request.
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
- CASB Operationalization Dashboard in Advanced Analytics Dashboard
- Need specific group of users to use NPA features only and AZURE AD. in Private Access for ZTNA
- SSPM : Monitoring Salesforce Delegated Group settings with SSPM in Security Posture Management
- NPA and DNS resolution issues in Private Access for ZTNA
- August Office Hours Recap in Advanced Analytics
-
NPA
45 -
ztna
15 -
private access
14 -
publisher
9 -
Netskope Private Access
7 -
netskope client
6 -
Private App
5 -
NSClient
4 -
Private Apps
3 -
Browser Access
3 -
Re-authentication for Private Apps
3 -
Zero Trust
3 -
MacOS
3 -
SAML
2 -
sso
2 -
Client
2 -
okta
2 -
Private App Discovery
2 -
clientless
2 -
Authentication
2 -
client update
2 -
browser
2 -
DNS Resolver
2 -
AWS
2 -
Network Privete Access
2 -
multi tags for NPA apps
2 -
Config Update
1 -
ps-tip
1 -
fleet
1 -
ipsec
1 -
IDP
1 -
SCCM
1 -
App Discovery
1 -
Policy Hit Count
1 -
Threat Protection
1 -
User Group
1 -
Real-time Policy
1 -
Netskope Endpoint Client
1 -
Prelogon
1 -
PQDN
1 -
best practice
1 -
tunnel
1 -
Azure PaaS
1 -
FQDN
1 -
domain
1 -
Azure AD
1 -
file size
1 -
Support
1 -
Chrome
1 -
jamf
1 -
VPN Client
1 -
EC2
1 -
same access
1 -
Reverse Proxy
1 -
configuration
1 -
Auto Scaling
1 -
Home Office
1 -
Events
1 -
Netskope Agent
1 -
Home Access
1 -
update
1 -
APIv2
1 -
Preference VPN
1 -
DNS over TCP
1 -
Azure
1 -
SSL bypass
1 -
Preference NPA
1 -
install
1 -
Script
1 -
CASB
1 -
multi-user mode
1 -
CIDR
1 -
Automation
1 -
Pre-login
1 -
Best Practices
1 -
overlap
1 -
jumpcloud
1 -
CRL
1 -
NG-SWG
1 -
CIDR Overlap
1 -
traffic steering
1 -
PreLogon Tunnel
1
In order to view this content, you will need to sign in to your account. Simply click the "Sign In" button below
Sign In