Reverse Proxy with Okta
This document explains a new way to integrate Okta with the Netskope SAML reverse proxy for a SaaS application, like Salesforce or Office 365. First establish single sign-on (SSO) between Okta and the SaaS application, then configure Netskope to be the SAML reverse proxy. To complete the integration, use an API request to modify the Okta App configuration to override the endpoint URL and use the Netskope SAML reverse proxy instead of the original SaaS application.
Note
These instructions are for new Okta integrations using the ACS URL Override implemented in 2018.
To watch a video about Neskope Reverse Proxy for Salesforce with Okta, click play.
Prerequisites
In order to complete the instructions in this document, you must first:
Have existing Okta and SaaS application admin accounts
Configure Okta for a Saas application with SAML following Okta's instructions Setting Up a SAML Application in Okta. While configuring the SaaS application, click View Setup Instructions on the Settings page after adding an application, and then copy the IdP SSO URL, IdP Issuer URL, and certificate. You will need these during this procedure.
Establish an SSO connection between the SaaS application and Okta and then verify it works. Refer to the SaaS application's Help documentation for instructions.
Before you begin, download the Postman app. You will need this app (or a similar app) to add the SSO ACS URL override described in this document.