Netskope Help

Configure Azure SCIM Integration to Onboard Users to Netskope
  1. Log in to Azure AD console.

    image7.png
  2. Go to Azure Active Directory > Enterprise Applications. Click New Application.

    image8.png
  3. Search Create your own application.

    image17.png

    Note

    If you are still using the old app gallery experience, then select Non-gallery application as shown.

    image18.png
  4. Enter a name, like Netskope SCIM. Select Integrate any other application you don’t find in the gallery, and then click Create.

    image19.png

    Note

    If you are still using the old app gallery experience, then enter a name like Netskope SCIM, and then click Add

    image20.png

    A message will be displayed application was added successfully.

    image11.png
  5. Click Provision User Accounts.

    image12.png
  6. Click Get Started.

    image13.png
  7. Select Provisioning Mode as Automatic.

    Enter Netskope Tenant SCIM Server URL details.

    Enter Netskope OAUTH Token for SCIM Client details.

    Click Test Connection.

    Note

    You need to test the connection successfully before you save the configuration; otherwise, you will get an error during save.

    image14.png
    image15.png
    image16.png

    You can check In the Netskope tenant where the Last Used Time gets updated.

    image17.png
  8. Click Save.

    image18.png
    image19.png
    image20.png
  9. Next set Provisioning Status to On.

    Leave the default scope settings to Sync only assigned users and groups.

    Click Save.

    image31.png
    image22.png
    image23.png
  10. Add Azure users and groups to sync to the Netskope tenant.

    Select Users and Groups and select Add user.

    image25.png
  11. Select Users and Groups and then select the users and groups from the list.

    Click Select, and then click Assign.

    image26.png
    image27.png
    image28.png
  12. The selected user and group will be listed as shown.

    image29.png
  13. Go back to the Provisioning section.

    Important

    Azure SCIM Provisioning interval is 40 minutes.

    Initial Sync

    image30.png

    After 40 minutes

    image31.png
  14. Click View Audit Logs to view synchronization events, which can be used for troubleshooting issues.

    image32.png
  15. Check Azure users in the Netskope UI under Settings > Security Cloud Platform > Users.

    image33.png
  16. Check Azure groups in the Netskope UI under Settings > Security Cloud Platform > Groups.

    image34.png
    image35.png

    Azure SCIM can sync:

    1. Users

    2. Groups which also includes Users within the groups (nested groups not supported by Azure SCIM).

  17. The Azure Users & Groups will also be available for selection in Real-time Protection Policies.

    image36.png

The SCIM configuration is complete.