Skip to main content

Netskope Help

SSO Access for Netskope Support

The Cloud Exchange has recently introduced support for additional Single Sign-On (SSO) options. This new functionality allows Netskope Support to efficiently troubleshoot your environments with the new SSO options. By leveraging these SSO options, the Support engineers can access customer environments without requiring their login credentials, ensuring a more secure and streamlined troubleshooting experience.

If Cloud Exchange is deployed on-premises, you may need to grant Support access to your instance to configure additional SSO options. This ensures a smooth configuration process, and enables Support to efficiently troubleshoot any issues. Netskope recommends that you provide detailed instructions or remote access to their instance to facilitate the configuration process.

Configure SSO in Cloud Exchange
  1. Log in to Cloud Exchange.

  2. Go to Settings > Users > SSO Configurations.

    CE-User-Settings.png
  3. Enable the SSO toggle.

  4. Make a note of these SSO Configurations.

    Cloud Exchange Field

    Example (http://10.50.3.24/)

    Service Provider Entity ID

    http://10.50.3.24/api/metadata?sre=true

    Service Provider ACS URL

    http://10.50.3.24/api/ssoauth?acssre=true

    Service Provider SLS URL

    http://10.50.3.24/api/slslogout

    You need to add sre as additional parameters in value.

  5. Copy these variables. You need to add all these variables in the docker-compose.yml file.

    Environment Variables

    Description

    SRE_IDP_IDENTITY_ID

    Identity Provider Issuer ID

    SRE_IDP_SSO_URL

    Identity Provider single sign on URL.

    SRE_IDP_SLO_URL

    Identity Provider single logout URL.

    SRE_IDP_X509_CERT

    Public x509 Certificate

  6. Run these commands to set environment variables.

    1. Go into the existing ta_cloud_exchange directory.

    2. Stop the CE containers.

      $ ./stop

    3. Open the yml file to set up environment variables.

      Linux: $ vi docker-compose.yml

      Redhat: $ sudo vi podman-compose.yml

    4. Put the environment variables into core service in the yml file.

      core:

      image: index.docker.io/${CORE_TAG}

      environment:

      - SRE_IDP_IDENTITY_ID=<value>

      - SRE_IDP_SSO_URL=<value>

      - SRE_IDP_SLO_URL=<value>

      - SRE_IDP_X509_CERT=<value>

    5. Save the file.

  7. Start the CE Services:

    $ ./start

The Netskope Support now has the ability to access your Cloud Exchange through the /netskopesso endpoint using SSO.