Photo by Ed Webster on Pexels.com

Issue Description

Netskope provides Reverse Proxy mode as part of it’s CASB suite. Reverse Proxy feature helps to capture data exfilteritaton from unmanaged devices (computer/devices not in your perimeter network).

This Reverse Proxy to work, Netskope will provide you a url, which need to be updated in ssoAcsUrlOverride property of Office 365 App in Okta. This can only be done using API request, there isn’t any GUI option available at this time.

Regardless of everything right, I was unable to set the attribute and was getting below error of Type Mismatch.

{
    "errorCode": "E0000037",
    "errorSummary": "Type mismatch exception",
    "errorLink": "E0000037",
    "errorId": "oae_RrXg7WwSOGoHwwoh8HLDg",
    "errorCauses": []
}

Cause

There is a bug in Okta, which doesn’t allow ssoAcsUrlOverride value to be updated if you selection below option, which allows you to enable federation for Office 365 Domain automatically.

Fix

Okta Suggested to switch Automatic config to static one, which fixed the problem but let me warn you before you pefrom this :

  • Make sure you perform this in a downtime window because Office 365 domain will be updated from federated to Managed as soon as you turn off the automatic option in Okta.
  • So your user will not be able to use federation of short amount of time.
  • Once you are done making the in Office 365 and make domain federated.
  • Running the same put request again to update ssoAcsUrlOverride will work.

Thank you for reading