SSO Access for Netskope Support
Cloud Exchange has recently introduced support for additional Single Sign-On (SSO) options. This functionality allows Netskope Support to efficiently troubleshoot your environments. By using these SSO options, Support engineers can access customer environments without requiring their login credentials, ensuring a more secure and streamlined troubleshooting experience.
If Cloud Exchange is deployed on-premises, you may need to grant Support access to your instance to configure the additional SSO options. This ensures a smooth configuration process and enables Support to efficiently troubleshoot any issues. Netskope recommends that you provide detailed instructions or remote access to your instance to facilitate the configuration process.
Configure SSO in Cloud Exchange
Log in to Cloud Exchange.
Go to Settings > Users > SSO Configurations.
Enable the SSO toggle.
Make a note of these SSO Configurations.
| Cloud Exchange Field | Example (http://10.50.3.24/) |
|---|---|
| Service Provider Entity ID | http://10.50.3.24/api/metadata?sre=true |
| Service Provider ACS URL | http://10.50.3.24/api/ssoauth?acssre=true |
| Service Provider SLS URL | http://10.50.3.24/api/slslogout |
You need to add sre as an additional parameter in the value.
Copy these variables. You need to add all of them to the docker-compose.yml file.

| Environment Variables | Description |
|---|---|
| SRE_IDP_IDENTITY_ID | Identity Provider Issuer ID |
| SRE_IDP_SSO_URL | Identity Provider single sign on URL. |
| SRE_IDP_SLO_URL | Identity Provider single logout URL. |
| SRE_IDP_X509_CERT | Public x509 Certificate |
Run these commands to set environment variables.
Go into the existing ta_cloud_exchange directory.
Stop the CE containers.
    $ ./stop
Open the yml file to set up environment variables.
Linux:
    $ vi docker-compose.yml
Red Hat:
    $ sudo vi podman-compose.yml
Put the environment variables into the core service in the yml file.
    core:
      image: index.docker.io/${CORE_TAG}
      environment:
        - SRE_IDP_IDENTITY_ID=<value>
        - SRE_IDP_SSO_URL=<value>
        - SRE_IDP_SLO_URL=<value>
        - SRE_IDP_X509_CERT=<value>
Save the file.
Start the CE Services:
    $ ./start
Netskope Support can now access your Cloud Exchange through the /netskopesso endpoint using SSO.
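A pre-start check for the edit described above, added here as an example and not part of Netskope's documentation or tooling: it confirms that all four SRE_IDP_* variables sit inside the core service and are no longer the <value> placeholder. The function names and the sample file contents are constructed for illustration, and it assumes the list-style `- NAME=value` entries shown on this page.

```shell
#!/bin/sh
# Added example (not Netskope code): verify the core service defines all four
# SRE_IDP_* variables with real values before running ./start.

# Constructed sample: one variable is still a placeholder, one is on the wrong service.
sample_compose() {
cat <<'EOF'
services:
  core:
    image: index.docker.io/${CORE_TAG}
    environment:
      - SRE_IDP_IDENTITY_ID=https://idp.example.test/issuer
      - SRE_IDP_SSO_URL=https://idp.example.test/sso
      - SRE_IDP_SLO_URL=<value>
  ui:
    environment:
      - SRE_IDP_X509_CERT=set-on-the-wrong-service
EOF
}

# check_sre_env [FILE]: reads FILE (or stdin), prints one line per problem,
# returns 0 only if every variable is set inside the core service.
check_sre_env() {
    awk '
    BEGIN {
        bad = 0
        n = split("SRE_IDP_IDENTITY_ID SRE_IDP_SSO_URL SRE_IDP_SLO_URL SRE_IDP_X509_CERT", want, " ")
    }
    /^[ \t]*(#.*)?$/ { next }                      # skip blank and comment lines
    {
        line = $0
        indent = match(line, /[^ ]/) - 1
        if (in_core && indent <= core_indent) in_core = 0   # left the core block
        if (line ~ /^ *core:[ \t]*$/) { in_core = 1; core_indent = indent; next }
        if (!in_core || line !~ /^ *- *SRE_IDP_[A-Z0-9_]+=/) next
        sub(/^ *- */, "", line)
        name = line; sub(/=.*/, "", name)
        val = line;  sub(/^[^=]*=/, "", val); gsub(/^[ \t]+|[ \t]+$/, "", val)
        seen[name] = 1
        if (val == "" || val == "<value>") { print name ": empty or placeholder"; bad = 1 }
    }
    END {
        for (i = 1; i <= n; i++)
            if (!(want[i] in seen)) { print want[i] ": missing from core service"; bad = 1 }
        exit bad
    }' "${1:--}"
}

if sample_compose | check_sre_env; then echo "OK"; else echo "fix before ./start"; fi
```

Against a real deployment, pass the file name instead of piping the sample, for example `check_sre_env docker-compose.yml` from the ta_cloud_exchange directory.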