Solved

IDP Install for non-domain joined systems

  • 28 December 2023

Hi All!

Hoping someone can help pin down an issue we're running into with deployment of the Netskope Client via IdP. FWIW - We're using Okta as our IdP.

IdP Install reference:

https://docs.netskope.com/en/netskope-help/netskope-client/netskope-client-deployment-options/deploy-netskope-client-via-idp/


We have the Okta account set up in Settings > Security Cloud Platform > Forward Proxy SAML. We also have the .msi file on the computer.

We run the following install script:

 

msiexec /I NSClient.msi tenant=**MASKED** domain=goskope.com installmode=IDP mode=peruserconfig autoupdate=on /qn

After running the script, the Netskope client installs, and the user is prompted to enter in their Okta credentials. The user completes Okta authentication (we can see the successful log within Okta) but then the Netskope enrollment window flashes to a "Hmmm... can't reach this page" error.

Has anyone here run into a similar issue or know how to solve for this?


Best answer by mattwalker 31 December 2023, 03:58


2 replies

Figured out the issue - posting here to inform the community.

Issue is that you can't use the same Okta App for Netskope User Enrollment as you use for Netskope IdP enrollment. You have to set up another separate Okta App, just for the IdP.


Hello @mattwalker,

You should be able to use the same app for User Enrollment (SCIM) and IDP enrollment (SAML). Based on the screenshot, it appears that the client was redirecting to .goskope.com which is not a valid URL. How was the client installed? Are you being prompted for a domain once your client is installed?
