Netskope Global Technical Success (GTS)

Netskope Admin SSO - Google IDP Integration

Netskope Cloud Version - 124

Objective

This document provides step-by-step instructions to configure SSO with Google IDP for Netskope Admin accounts, enabling seamless authentication and role-based access.

Prerequisite

Google Workspace Admin Access – Required to configure SAML in Google Admin Console.

Netskope Admin Access – Required to enable SSO in the Netskope tenant.

Configuration

Step 1 - Create Custom User Attributes in Google Workspace

1. Log in to Google Admin Console
2. Navigate to Directory > Users > Manage Custom Attributes.

3. Click Add Custom Attribute and configure the following:

Category Name: Netskope Attributes

Attribute Name: admin-role

Data Type: Text

Visibility: Visible to user and admin , Single-Value

4. Click Save

Step 2: Assign SSO Role Value to Users

1. In Google Admin Console, go to Directory > Users.
2. Select the user who needs Netskope Admin Access.
3. Click User Information > Custom Attributes (Netskope Attributes).

4. Assign the admin-role value, such as:

Tenant Admin

Delegated Admin

5. Click Save.

Step 3: Create the SAML Web App in Google Workspace

1. Go to Google Admin Console > Apps > Web and mobile apps.
2. Click Add App > Add custom SAML app.

3. Enter an App Name (e.g., "Netskope Tenant SSO") and an optional logo.

4. Click Continue.
5. Copy the SSO URL, entity ID, and download the certificate

6.We have to get the ACS URL and Entity ID from Netskope SSO settings and select the Name ID Format and Name ID as shown below.

7. Open a new browser tab and log in to the Netskope Console. ( Do not close the Google IDP configuration page, as we need to retrieve the ACS URL and Entity ID from Netskope)

Step 4: Configure Netskope WebUI SSO

1. Log in to Netskope Admin Console.
2. Path: Netskope Tenant UI >>> Settings >>> Administration >>> SSO
3. Configure a New SSO Account as shown below

(The IDP SSO URL, Entity ID, and IDP Certificate were copied and downloaded from Step 3, Point 5.)

4. After saving the configuration, you will receive the Entity ID and ACS URL. Make sure to save them, as they are required for the IDP configuration.

Step 5: Resume the IDP configuration that was paused at Step 3, Point 7.

1. Add the ACS URL and Entity ID copied from Netskope, then click Continue.

2. Click on Add Mapping and configure the values as shown below, then click the Finish button.

3. Enable the Service

Verification

Audit Logs:

Admin page:

Terms and Conditions

• All documented information undergoes testing and verification to ensure accuracy.
• In the future, it is possible that the application's functionality may be altered by the vendor. If any such changes are brought to our attention, we will promptly update the documentation to reflect them.

Notes

• This article is authored by Netskope Global Technical Success (GTS).
• For any further inquiries related to this article, please contact Netskope GTS by submitting a support case with 'Case Type – How To Questions'.