Netskope Global Technical Success (GTS)

Streamlining Admin SSO with Azure AD: Custom Netskope Tenant Role Assignment

 

Netskope Cloud Version - 123

 

Objective

This document explains how to assign a custom Netskope tenant role in the Azure AD gallery application for Admin SSO.

 

Prerequisite

Netskope Administrator Console integration with Azure AD.

 

Context

As a prerequisite, the Netskope Administrator Console should be integrated with Azure AD. The following article gives step-by-step guidance: Single Sign On with Microsoft Entra ID. That article also describes assigning predefined roles to the SSO user.

 

Configuration

  1. Log in to the Microsoft Azure Portal.
  2. Select Enterprise applications:

  3. Search for the already integrated 'Netskope Administrator Console' application in the application list.

  4. Select “Get Started” on the “Set up single sign on” tile.

  5. Click the pencil icon for User Attributes & Claims:

  6. Click on the admin-role claim.

  7. This pane defines the user attribute that is passed to Netskope to represent the admin role. By default, Azure AD passes user.assignedroles to Netskope during the single sign-on process. You can assign the admin role in a number of ways; two examples are listed below:
  • If all members accessing the Netskope UI require the same role then you can statically assign a role by entering the role name in the “Source attribute” field. This must match the name of the role in the Netskope UI.

  • You can also pass the admin role based on specific users or groups by using claim conditions. To do so, click Claim Conditions.

  • Select User type “Members” and click “Select groups”:

  • Select the group(s) you want to scope the role to and click “Select.”

  • Select the “Attribute” radio button and enter the custom admin role, created on the Netskope tenant, that you want to assign to the selected group. For this article, the custom role I have created is “NS Custom Admin”.

  • Repeat the above steps for each group and role that needs access.
  • Click “Save”

  8. Exit out of the User Attributes and Claims pane.
  9. Navigate back to the Netskope Administrator Console Overview and select Users and groups:

  10. Click Add user:

  11. Click Users and groups, select the user(s) and group(s) who need access, and then click Select. For this article, the ‘Netskope SSO Admin’ group is selected. All members of the ‘Netskope SSO Admin’ group will have the ‘NS Custom Admin’ role.

  12. Click “Select Role”.

  13. Select the User role and click “Select.”

  14. Click “Assign”.

This completes the custom role assignment process.

 

Verification

You can test by going directly to your tenant (tenantname.goskope.com) and verifying that SSO works for the assigned User(s)/Group(s).
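
Beyond a successful login, you can confirm which role value Azure AD actually emitted. The script below is an added example, not Netskope or Microsoft code: it reads the admin-role attribute from a base64 SAMLResponse taken from your own test sign-in and compares it with the role names defined on the tenant. The function names, the constructed sample response, and the expectation of exactly one role value are assumptions.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
CLAIM = "admin-role"  # claim edited in the Attributes & Claims pane

def admin_role_values(saml_response_b64):
    """Return every admin-role value in a base64-encoded SAMLResponse.
    Inspection only: this does not validate the assertion signature."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    xpath = f".//saml:Attribute[@Name='{CLAIM}']/saml:AttributeValue"
    return [(v.text or "") for v in root.findall(xpath, NS)]

def check_role_claim(saml_response_b64, tenant_roles):
    """Compare the emitted role with the role names defined on the tenant."""
    values = admin_role_values(saml_response_b64)
    if not values:
        return "FAIL: no admin-role value in the assertion"
    if len(values) > 1:  # assumption: exactly one role value is expected
        return f"FAIL: {len(values)} admin-role values emitted: {values}"
    role = values[0]
    if role in tenant_roles:
        return f"OK: {role}"
    # Catch the common typo case: right role, wrong case or stray whitespace.
    folded = {r.strip().casefold(): r for r in tenant_roles}
    near = folded.get(role.strip().casefold())
    if near:
        return f"FAIL: {role!r} differs from {near!r} only by case or whitespace"
    return f"FAIL: {role!r} is not a role on the tenant"

def sample_response(*roles):
    """Constructed, unsigned SAMLResponse for this demo; not a real capture."""
    vals = "".join(f"<saml:AttributeValue>{r}</saml:AttributeValue>" for r in roles)
    xml = (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>'
        f'<saml:AttributeStatement><saml:Attribute Name="{CLAIM}">{vals}'
        "</saml:Attribute></saml:AttributeStatement></saml:Assertion></samlp:Response>"
    )
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    tenant_roles = {"NS Custom Admin"}  # custom role name used in this article
    for roles in (["NS Custom Admin"], ["ns custom admin "], ["Unknown Role"], []):
        print(check_role_claim(sample_response(*roles), tenant_roles))
```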

 

Terms and Conditions

  • All documented information undergoes testing and verification to ensure accuracy.
  • In the future, it is possible that the application's functionality may be altered by the vendor. If any such changes are brought to our attention, we will promptly update the documentation to reflect them.

 

Notes

  • This article is authored by Netskope Global Technical Success (GTS).
  • For any further inquiries related to this article, please contact Netskope GTS by submitting a support case with 'Case Type – How To Questions'.


 
