Understanding Network Ingress Controllers
SurePath AI needs to know who is connecting to us and what method they are using. This helps keep the service safe, and enables additional features. SurePath AI has three different connectors. Please use the one that aligns with how you are doing Network Ingress in your environment.
All available ingress types can be found here: Traffic Integration / Intercept
Netskope - This type of connector only applies to using Netskope and using a forward proxy rule.
Zscaler - This type of connector only applies to using Zscaler and using a forward proxy rule.
Proxy - Use this connector when you are using any of the Proxy types in the list linked above.
Note: The DoH client does not need a connector. It should also not be considered "Enterprise class" or a primary form of interception for your organization. It should be used for testing and proof of concepts only.
Creating the connector
Login to the SurePath Admin interface
Navigate to and click Connectors -> ADD CONNECTOR
Add a descriptive name
Using the dropdown box, select the appropriate Type
Netskope
Zscaler
Proxy
Netskope only:
Enter your Tenant Info
This will be the hostname in the URL you use to access the Netskope admin interface.
Example in bold: https://surepathai-prod.goskope.com/
Eliminating the SSO Login to SurePath AI
This feature must also be enabled in your SASE provider. Please see the appropriate Traffic Integration / Intercept documents.
Look for "(Optional) X-Authenticated-User)"
If you are using Netskope or Zscaler, you can enable the following feature to eliminate the SSO login requirements while using Public GenAI sites. The users login will be sent to SurePath AI in the header of the communications.
Turn on Enable X-Authenticated-User Header if required.
SAVE CHANGES and you are done.