Skip to content
English
More support Sign in
EveryCloud
  • There are no suggestions because the search field is empty.

Netskope Admin SSO – Microsoft Azure Integration

How to configure Single Sign-On (SSO) for Netskope admin access using Microsoft Azure AD

Overview

Netskope supports Single Sign-On (SSO) for administrative access using identity providers such as Microsoft Microsoft Azure Active Directory (Azure AD).

Configuring SSO allows administrators to authenticate to the Netskope admin console using Azure AD credentials, improving security and centralising identity management.

Applies to

  • Netskope Admin Console
  • Microsoft Azure Active Directory (Azure AD)
  • SAML-based SSO configurations

Prerequisites

Before configuring SSO:

  • Azure AD tenant with admin access
  • Netskope admin access with permission to configure SSO
  • Ability to create Enterprise Applications in Azure AD
  • SAML configuration knowledge

Configuration Overview

SSO setup involves configuring both Azure AD and Netskope.

1. Configure Application in Azure AD

In Azure AD:

  1. Go to Enterprise Applications.
  2. Create a new application (non-gallery or custom app).
  3. Configure Single Sign-On (SAML).
  4. Set:
    • Identifier (Entity ID) – provided by Netskope
    • Reply URL (Assertion Consumer Service URL) – provided by Netskope
  5. Download or copy:
    • Azure AD metadata XML
    • Login URL / SSO URL
    • Certificate details

2. Configure SSO in Netskope

In the Netskope admin console:

  1. Navigate to Settings → Security → Admin SSO.
  2. Enable SAML-based SSO.
  3. Upload the Azure AD metadata file or manually enter:
    • SSO URL
    • Issuer
    • Certificate
  4. Save the configuration.

3. Map Users / Access

  • Ensure admin users exist in Azure AD.
  • Assign users or groups to the Enterprise Application.
  • Confirm user attributes (e.g. email / username) match Netskope admin accounts.

4. Test SSO

  • Attempt login via SSO.
  • Validate authentication flow.
  • Confirm admin access is granted correctly.

It is recommended to keep a local admin account as a fallback during testing.

Common Issues

  • Incorrect Entity ID or Reply URL
  • Certificate mismatch or expiry
  • Users not assigned to the application in Azure AD
  • Attribute mismatch (e.g. username vs email)
  • SSO enabled before validation (locking out admins)

Impact

  • Centralises admin authentication through Azure AD
  • Enables conditional access, MFA, and identity governance
  • Reduces reliance on local credentials

Misconfiguration may:

  • Prevent admin access to Netskope
  • Cause authentication failures
  • Require fallback access to recover

Action Required

  • Configure SAML settings in both Azure AD and Netskope.
  • Validate configuration with a test admin account.
  • Keep a non-SSO admin account for emergency access.
  • Document configuration settings for future reference.

Additional Information

SSO for admin access is separate from end-user authentication policies in Netskope. Ensure both are configured appropriately if using Azure AD across the platform.