Okta + Netskope
Comprehensive data security and access control in today’s multi-cloud world
The Challenge
- Organizations are moving to the cloud, enhancing workforce productivity but bringing new security challenges
- User credentials are under constant attack from internal and external security threats and attempts to exploit harvested enterprise data
- IT struggles with cloud app “authentication sprawl,” and with workforces accessing unsanctioned cloud resources that are tough to secure
- In this complex, evolving environment, the enterprise needs to find a way to securely provide always-on cloud access for users while safeguarding enterprise data
The Solution
Okta and Netskope work together to protect sensitive enterprise data and make zero-trust, real-time security a reality. Safely provide your workforce with seamless Single Sign-On (SSO) access to the cloud services they love, whether sanctioned or unsanctioned, on managed or unmanaged devices, regardless of location or network. Give your IT and security teams a 360° view of organizational cloud access and usage, including visibility across thousands of IaaS, PaaS, SaaS and web services, as well as fine-grained cloud-access controls, including seamless, automated remediation protocols.
Okta establishes users and groups in Netskope via SCIM, and when combined with SAML, admins get nuanced control over user provisioning and policies, without having to alter underlying identity systems. For example, a user behaving questionably can be automatically shifted to an attribute-defined group like “High Risk” without changing their role in AD and affecting everything downstream. Similarly, an enterprise-wide migration to a newly sanctioned app doesn’t have to happen all at once across the organization—this can happen in stages, thanks to Okta providing information about users and groups, with different groups or departments migrating to the new application or security policies at different times, as each becomes ready.
Using the combined solution, enterprise policies can cover sanctioned applications, web services and unsanctioned SaaS usage on managed and unmanaged devices. When Netskope detects that a user has violated an enterprise policy, such as a DLP (Data Loss Prevention) violation, Netskope calls out to Okta to trigger step-up authentication via MFA (Multi-Factor Authentication). Based on the response from Okta, Netskope can take actions such as suspending a session or re-validating the user.
Okta and Netskope work together to tie each authenticated identity to the entire inline experience after login—including web browsing and unsanctioned app usage—by enforcing downloads of the Netskope client and steering all traffic through Netskope. This makes it easier for IT to enforce enterprise workflow policy and guide wayward users automatically and seamlessly back to the desired path.
Strong MFA protection doesn’t have to stop at login: it can be applied inline to continue securing users and data through post-login activity. For example, if a legitimate user is traveling in a risky country or otherwise exhibits unusual behavior, Netskope can suspend the active session and prompt the user to re-authenticate through Okta to confirm their identity and resume the session.
Netskope Cloud Exchange provides rich signals on user behavior and activity across sanctioned and unsanctioned cloud applications. By integrating these insights with Okta Identity Threat Protection (ITP), organizations gain a unified view of user risk that spans both identity and cloud security domains. This powerful combination allows for continuous, adaptive access control based on real-time changes in user risk scores, with the ability to automatically terminate active sessions and trigger targeted remediation workflows.
- Combine Okta’s strong identity tools with Netskope’s consolidated view of user activity for end-to-end enterprise protection
- Keep user identities and sensitive data safe from a wide range of threats, both internal and external
- Enable modern, intuitive, SSO cloud access for your workforce: any device, any apps, from any location
- Give your IT and security teams granular control over all user activity, including automated tools for risk remediation