Netskope Global Technical Success (GTS)
Streamlining Identity Management: How to Configure Multiple IDPs
Netskope Cloud Version - 122
Objective
This document provides step-by-step instructions to help our customers configure a multiple-IDP setup for administrators and users.
Details
The following prerequisites apply when configuring multiple IDPs for administrators or users to access or forward traffic to Netskope:
- The flag “Multiple IDPs Support for Management Console SSO” should be enabled
- Admin access to Netskope tenant
The step-by-step configuration follows.
Configuration
For Administrators
- Add all the admin SSO domains to the Netskope database
  Path: Netskope UI >>> Settings >>> Administration >>> Internal Domains
- Configure all the IDPs with their preferred domains
  Path: Netskope UI >>> Settings >>> Administration >>> SSO
- Log in to the Netskope tenant. A prompt asks for the admin email address so that its domain can be looked up and the admin redirected to the appropriate IDP to authenticate.
  Path: Netskope Tenant URL: https://<tenant>.goskope.com/ns#/login/sso?windowName=
For Users
- Configure all the IDPs with their preferred domains
  Path: Netskope UI >>> Settings >>> Security Cloud Platform >>> Forward Proxy >>> SAML
  Note:
  When editing the configuration of an IDP, add the preferred domains for that IDP under the optional page.
  Example:
  - For Azure, the user authentication domain is M365x51510246.onmicrosoft.com
  - For Okta, the user authentication domain is spark.com
- Log in to the Netskope Client
  If the client was not installed using a token, a pop-up appears to identify the organisation.
  If the token is already embedded in the installation script of the Netskope Client, the screen below appears directly.
  Screen: pop-up asking for the user's email address, which is used to look up the domain and redirect the user to the correct IDP for authentication.
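The email-domain lookup described in the admin and user steps above depends on each preferred domain pointing at exactly one IDP. The following is an added example, not Netskope code and not part of the original article: a pre-rollout check of a planned preferred-domain mapping. It assumes exact, case-insensitive domain matching; the IDP labels, `contractors.example` and all function names are constructed for illustration.

```python
# Added illustration; sample data is constructed, only the two domains
# M365x51510246.onmicrosoft.com and spark.com come from the article.
SAMPLE_IDPS = {
    "azure": ["M365x51510246.onmicrosoft.com"],
    "okta": ["spark.com"],
    "idp-c": ["Spark.com ", "contractors.example"],  # overlaps with okta
}
SAMPLE_INTERNAL = ["m365x51510246.onmicrosoft.com", "spark.com"]

def normalize(domain):
    """Compare domains case-insensitively, ignoring stray spaces and a trailing dot."""
    return domain.strip().lower().rstrip(".")

def audit(idp_domains, internal_domains=None):
    """Return (owner, findings); owner maps each domain to the first IDP claiming it."""
    owner, findings = {}, []
    for idp, domains in idp_domains.items():
        if not domains:
            findings.append(f"{idp}: no preferred domains configured")
        for raw in domains:
            d = normalize(raw)
            if d in owner and owner[d] != idp:
                # Ambiguous routing: two IDPs would claim the same users.
                findings.append(f"{d}: claimed by both {owner[d]} and {idp}")
            else:
                owner[d] = idp
    if internal_domains is not None:  # admin SSO case: Internal Domains list
        internal = {normalize(d) for d in internal_domains}
        for d in sorted(set(owner) - internal):
            findings.append(f"{d}: mapped to {owner[d]} but missing from Internal Domains")
    return owner, findings

def resolve_idp(email, owner):
    """Exact-match the domain after the '@'; None means no IDP (fail closed)."""
    local, sep, domain = email.strip().rpartition("@")
    if not sep or not local or not domain or "@" in local:
        return None
    # Exact lookup only: 'spark.com.example.net' must not match 'spark.com'.
    return owner.get(normalize(domain))

if __name__ == "__main__":
    owner, findings = audit(SAMPLE_IDPS, SAMPLE_INTERNAL)
    for finding in findings:
        print("FINDING:", finding)
    print(resolve_idp("alice@spark.com", owner))
```

Running the audit before saving the SSO or SAML settings surfaces overlapping or unlisted domains while they are still cheap to fix.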
Multiple IDPs provide both convenience and security, making it easier to manage access across different user groups while maintaining robust security practices.
Benefits of Multiple IDP Environment
- Flexibility: Supports various user groups with different authentication needs (employees, external users, contractors, customers, partners).
- Security: Enforces different levels of security based on user roles and regions.
- Scalability: Adapts to organizational changes, such as mergers, acquisitions or multi-regional operations.
- User Experience: Simplifies login processes by allowing users to authenticate with their preferred IDP.
- Compliance: Ensures adherence to regional and industry-specific regulations.
Example: Microsoft, Google, Amazon, Cisco, and Salesforce use a multi-IDP approach to provide secure, flexible access to management consoles and services.
Terms and Conditions
- All documented information undergoes testing and verification to ensure accuracy.
- In the future, if any such platform changes are brought to our attention, we will promptly update the documentation to reflect them.
Notes
- This article is authored by Netskope Global Technical Success (GTS).
- For any further inquiries related to this article, please contact Netskope GTS by submitting a support case with 'Case Type – How To Questions'.