Domain/UPN change causes Priv Access Gateway to not connect



Hello,

We encounter an issue where, when a user's domain / UPN changes from, say:

admin@contoso.local > admin@newcontoso.local

The private gateway will fail to establish.

In my env, Netskope is set up in MultiUser mode (v93.1.0.951) and is integrated with Azure AD for user provisioning / SSO.

Reinstalling the Netskope client doesn't resolve the issue.

Looking at the device within the Netskope Admin console, its client status is 'Multiple Statuses'; it will show the same user with both the new domain and the previous domain.

Looking at the user's profile (updated domain), it will report that the client status is up, but physically on the workstation the tunnel will be down and non-functional.

The only solution that works is to reimage the workstation or assign another device, which feels insane.

Has anyone seen this before or have any advice on a resolution?

Cheers,


3 replies


Hi, @lmunro. Thank you for reaching out. A Netskope expert from our community team will get back to you as soon as possible. In the meantime, if any community member knows the solution, please reply to this thread!


Hi Imunro,

I'm trying to do the same thing with changing the user's domain and having the same issue. We have Azure AD set up and are syncing identities from there. The change in the username is showing up in the list of users in the settings (under Security Cloud Platform > Netskope Client > Users). However, the updated username is not reflected in the SkopeIT users and we have to add the new username back to the private apps.

As a workaround we are uninstalling the client and sending a new invite to the updated email address. This isn't ideal as it is creating duplicate users for the devices they use.

If anyone else has run into this issue and has any other way of fixing it, I'd be happy to hear.

Thanks!


Hi @LaytonLS

Not sure if the new versions have made this better, but the process is a lot better than it was.

Below are the steps I follow for a UPN suffix update on a user. Do mind this is on a hybrid setup with Azure and domain-bound devices.

1. Sync Azure AD to Netskope
2. Check Netskope has the new UPN in Settings > Security Cloud Platform > Users
3. Log into the device with the new username
4. Using cmd, execute "whoami /upn"; it should display the new UPN (this is important)
5. Clear "APPDATA\Roaming\Netskope" and restart
6. Log in and check Netskope works
   - Should have a private gateway IP assigned
   - Otherwise perform another reboot

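The two workstation steps above (the `whoami /upn` check and the folder clear), sketched as a guarded PowerShell script. This is an added example, not code from the thread or from Netskope. It assumes the folder in the steps is the signed-in user's roaming `AppData\Netskope`, and it moves the folder aside rather than deleting it; the parameter names are hypothetical.

```powershell
# Added example: only clear the Netskope profile folder once the session
# already reports the new UPN. Run as the affected user; supports -WhatIf.
[CmdletBinding(SupportsShouldProcess)]
param(
    # UPN the user should have after the suffix change, e.g. admin@newcontoso.local
    [Parameter(Mandatory)][string]$ExpectedUpn,
    # Assumption: the folder named in the steps is <user>\AppData\Roaming\Netskope
    [string]$NetskopeDir = (Join-Path $env:APPDATA 'Netskope')
)

# "whoami /upn" must display the new UPN before anything is touched.
$currentUpn = ([string](& whoami.exe /upn 2>$null)).Trim()
if ($LASTEXITCODE -ne 0 -or [string]::IsNullOrWhiteSpace($currentUpn)) {
    Write-Error 'whoami /upn returned no UPN for this session. Nothing changed.'
    exit 2
}
if ($currentUpn -ine $ExpectedUpn.Trim()) {   # -ine: case-insensitive "not equal"
    Write-Error "Session UPN is '$currentUpn', expected '$ExpectedUpn'. Sign in with the new username first. Nothing changed."
    exit 1
}

# Clear the folder. Moving it to a timestamped name keeps a copy to restore.
if (-not (Test-Path -LiteralPath $NetskopeDir)) {
    Write-Output "No folder at $NetskopeDir; nothing to clear."
    exit 0
}
$backup = '{0}.bak-{1:yyyyMMddHHmmss}' -f $NetskopeDir, (Get-Date)
if ($PSCmdlet.ShouldProcess($NetskopeDir, "Move to $backup")) {
    # Fails with a terminating error if the client still holds files open.
    Move-Item -LiteralPath $NetskopeDir -Destination $backup -ErrorAction Stop
    Write-Output "Moved $NetskopeDir to $backup. Restart, log in, and check for a private gateway IP."
}
```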