Tip:
Highlight text to annotate it
X
Hi.
Welcome to Movie Line Monday.
My name is Moinul.
Today, the movie line is from Braveheart.
"You can take away our lives, but you cannot take away our
freedom."
We are going to talk about the integration between SSO
vendors and Netskope solution.
With this integration, security administrators can
provide full freedom to their users in a safe
and compliant way.
Before I do that, let's talk about what are the use cases
and benefits for SSO solutions?
And what are the benefits for Netskope?
As enterprise customers are adopting more and more cloud
applications, they want to have their users the best
experience.
From an end user perspective, if they're using five or eight
different coupled SAS applications, they do not want
to remember eight different passwords, for an example.
SSO solutions can really solve that problem.
As an end user, I present my corporate credential once to
the SSO vendors.
And then SSO vendors will manage all these back in SAS
application accounts for me.
What are the benefits for Netskope?
We, Netskope, we are a cloud security company.
We provide deep analysis about users, SAS applications,
users' behavior, and, more importantly, we enable
security admins to create very granular security access
control rules.
OK.
Now that we know about the benefits for SSO and then the
benefits for Netskope solution, the question is, why
do we need an integrated solution?
In order for Netskope to provide deep visibility and
look at traffic and do deep analysis, we have to be in
between end user traffic and back end SAS application.
And we have to have a very reliable way to steer end user
traffic to our cloud proxy for analysis.
And one of the ways that we can do this is via a simple
browser add-on.
So, if an endpoint has a Netskope add-on installed, the
traffic will be steered from endpoint to our cloud proxy,
where we'll do deep analysis, where we'll
enforce security policies.
And then the traffic will go to the back end SAS
applications.
How does it work?
There are basically two different workflows.
One is called IDP Initiated Workflow.
And then the other one is Service
Provider Initiated Workflow.
In IDP Initiated Workflow, the end user opens up a browser,
and then they will type something like
"www.mycompany.octa--
for an example-- .com."
The end user traffic comes to the SSO portal.
SSO will validate the end user against the
back end active directory.
And then, once the user is validated, SOO will redirect
the user traffic to Netskope.
Netskope will go and look at the endpoints.
And if the add-on is disabled or if the Netskope add-on is
not enabled, then we will install the Netskope add-on.
And then we send this traffic back to the SSO portal.
From there, user can connect to Salesforce or Box in a
single sign-on experience.
In the Service Provider Initiated Workflow, the flow
is very similar.
But in this case, user is going straight to the SAS
application.
So, again, they will launch a browser.
They will type something like "www.mycompany.salesforce.com."
The user traffic goes there.
Salesforce will do a SALM redirection to SSO.
SSO will validate the user against
back end active directory.
And then, SSO does the redirection to Netskope.
And then, Netskope group will install the add-on, send the
user traffic back to SSO.
And then, now, user has access to Salesforce, Box, whatever
applications that they're using.
Now, for this workflow, what do you
actually have to configure?
It's very simple.
You go to the SSO admin GUI, you select the Netskope
adapter as a multi-factor, and then you just type the
redirect URL where the user traffic needs to
be redirected to.
And now, with that simple configuration, you have fully
integrated SSO and Netskope solution in place.
What are the results?
User, as a security admin, I now have full visibility of my
users, what SAS applications they're using, how
they're using it.
And, at the same time, my users are now fully compliant
with corporate security policy.
Thanks for joining us for this Movie Line Monday.
If you have any questions, comments, or concerns, please
write to us, to MovieLineMonday@netskope.com.