User Provisioning with Entra ID

User Provisioning with Microsoft Entra ID

This document provides step-by-step instructions to create a Netskope SCIM app on Microsoft Entra ID for provisioning users to your Netskope tenant.

Microsoft Entra ID provisioning via SCIM can sync Users and Groups which also includes Users within the groups (nested groups not supported by Azure SCIM).

Before Your Begin

Ensure that you have the following before you begin creating the Netskope SCIM app.

Creating Netskope SCIM App on Microsoft Entra ID

Log in to your Microsoft Entra admin center (https://entra.microsoft.com) with global admin credentials and follow these steps:

  1. Go to Applications > Enterprise Applications. Click New Application.

  2. Search for Netskope User Authentication.

  3. Enter a Name, for example, Netskope User Provisioning, and click Create.

  4. Click Provision User Accounts.

  5. Click Get Started.

  6. Select Provisioning Mode as Automatic and enter the following:

    • Netskope Tenant SCIM Server URL details

    • Netskope Token for SCIM Client details.

    • Ensure the connection is successfully tested before saving the configuration; otherwise, an error will occur during the save process.
  7. In the Entra admin center, Click Save.

  8. Next set Provisioning Status to ON and click Save.

    The Default SCIM Mappings and Provisioning Scopes are listed under Mappings. You can click on the mappings to view details.

  9. Under the Settings tab, if required select the option to send email notifications (optional) and set the scope to Sync only assigned users and groups.

  10. Next, add users and groups to provision to the Netskope tenant. Select Users and Groups and select Add user.

  11. Select Users and Groups and then select the users and groups from the list and click Select.

  12. Go back to the SCIM app Overview section to monitor the provisioning status.

    Entra initial sync, for SCIM Provisioning interval, is 40 minutes

  13. Click View Audit Logs to view all account related events and click Provisioning Logs to view account provisioning status.

  14. Check Microsoft Entra ID provisioned users in the Netskope UI under Settings > Security Cloud Platform > Users.

  15. Check Microsoft Entra ID provisioned groups in the Netskope UI under Settings > Security Cloud Platform > Groups.

  16. The Microsoft Entra ID provisioned Users & Groups will also be available for selection in Real-time Protection

    The SCIM configuration is complete.

Share this Doc

User Provisioning with Entra ID

Or copy link

In this topic ...