Skip to main content

Netskope Help

Netskope Client IdP Mode with Azure SCIM and Azure AD or ADFS SAML Auth

This document describes how to integrate the Netskope Client in IdP mode with Azure SCIM user provisioning and Azure AD or ADFS SAML authentication. >You can deploy the Netskope Client in IdP mode specifically for Windows and Mac endpoints that are not joined to a domain and use Cloud Identity and Access Management. This applies to both types of tenants (Cloud Apps Only or Web Traffic).

Note

The Netskope Client in IdP mode supports both manually created users in the tenant or users on-boarded via Directory Importer/SCIM tools. Using Directory Importer/SCIM for ease of user management and to support groups for during policy creations is recommended.

Workflow

This integration requires the following steps to be performed in the order specified.

  1. Configure Netskope OAuth Token for Azure SCIM Integration

  2. Configure Azure SCIM Integration to Onboard Users to Netskope

  3. Get Netskope SAML settings

  4. Configure an Enterprise Application in Microsoft Azure Active Directory for SAML Auth

  5. Add an Azure AD Account in Netskope SAML – Forward Proxy

  6. Configure ADFS IdP for Netskope SAML – Forward Proxy

  7. Add an ADFS IdP Account in Netskope SAML – Forward Proxy

  8. Enable Authentication and Configure Domain Bypass Settings

  9. Install the Netskope Client in IdP Mode and Enroll Users For Windows

  10. Install the Netskope Client in IdP Mode and Enroll Users For Mac

  11. Test Website Access and Check Skope IT Events

In this section: