SCIM-Based User Provisioning
System for Cross-domain Identity Management (SCIM) defines a standard for exchanging identity information across different cloud app vendors. The objects exchanged using SCIM are called resources (for example, user resources and group resources). The purpose of SCIM is to automate the exchange of user identity information across apps for user provisioning.
A SCIM-enabled directory server (like Azure AD or Okta) can send user information directly to the SCIM server in the Netskope cloud. This service is currently available for Microsoft Azure AD and Okta via REST API v2 token authentication.
Note
The previous method of using the Directory Tool and OAuth token to authenticate SCIM has been deprecated. Refer to Netskope Product EOL Announcements for more information. Use the REST API v2 token to integrate SCIM.
Using REST API v2 for SCIM
1. Go to Settings > Tools > REST API v2.
2. Click New Token.
3. Enter a token name and the desired expiration interval.
4. Click the Add Endpoint dropdown and search for SCIM.
5. Select the api/v2/scim/Users endpoint and click Save.
6. Repeat Step 4, select the api/v2/scim/Groups endpoint, and click Save.
7. Adjust the permissions of the two endpoints that were just selected to support the ability to manage users and groups.
8. Click Save.
9. When the Success window opens, copy the token to a safe place.
   Note
   This token cannot be retrieved in the future. If you lose the token, you must reissue it.
10. In your IdP SCIM client, use the new URL for SCIM and the token that you generated:
    - URL: https://<tenant-name>.goskope.com/api/v2/scim
    - Token: the token obtained in step 9
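One way to confirm, before configuring the IdP, that the token from step 9 is accepted on both SCIM endpoints (an added example, not Netskope's code). It assumes the token is sent in an Authorization: Bearer header and that a list query returns an RFC 7644 ListResponse; the function names and the NETSKOPE_TENANT and NETSKOPE_SCIM_TOKEN environment variables are hypothetical.

```python
import json
import os
import re
import urllib.error
import urllib.request

SCIM_LIST = "urn:ietf:params:scim:api:messages:2.0:ListResponse"  # RFC 7644
ENDPOINTS = ("Users", "Groups")  # the two endpoints added to the token


def build_request(tenant, token, resource):
    """GET one record; the token is only ever sent to a *.goskope.com host."""
    if not re.fullmatch(r"[A-Za-z0-9][A-Za-z0-9.-]*", tenant):
        raise ValueError("tenant must be a bare host label, not a URL")
    if resource not in ENDPOINTS:
        raise ValueError(f"unexpected SCIM resource: {resource}")
    url = f"https://{tenant}.goskope.com/api/v2/scim/{resource}?count=1"
    # Assumption: bearer scheme; the token goes in a header, never in the URL.
    headers = {"Authorization": f"Bearer {token}", "Accept": "application/scim+json"}
    return urllib.request.Request(url, headers=headers)


def classify(status, body):
    """Map status and body to a finding (generic HTTP/SCIM semantics)."""
    if status == 200:
        try:
            schemas = json.loads(body).get("schemas", [])
        except (ValueError, AttributeError):
            return "unexpected: 200 without a JSON object"
        return "ok" if SCIM_LIST in schemas else "unexpected: not a SCIM ListResponse"
    findings = {401: "token rejected (wrong, expired or revoked)",
                403: "token not permitted on this endpoint"}
    return findings.get(status, f"unexpected status {status}")


def check(tenant, token):  # returns {resource: finding} for both endpoints
    results = {}
    for resource in ENDPOINTS:
        req = build_request(tenant, token, resource)
        try:
            with urllib.request.urlopen(req, timeout=10) as resp:
                results[resource] = classify(resp.status, resp.read())
        except urllib.error.HTTPError as err:
            results[resource] = classify(err.code, err.read())
    return results


if __name__ == "__main__":  # token from the environment, never from argv
    print(check(os.environ["NETSKOPE_TENANT"], os.environ["NETSKOPE_SCIM_TOKEN"]))
```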
For specific integration instructions, go to:
Follow the instructions specified for the respective application and provision users. Once complete, test the connection. If the test succeeds, the SCIM integration process is complete. For more details about SCIM integrations with Azure and Okta, go to:
Microsoft Azure Support
Netskope currently supports the following:
- Provisioning of users.
- Provisioning of groups.
Okta Support
Netskope currently supports the following:
- Provisioning of users and user groups.