User Provisioning with Entra ID
User Provisioning with Microsoft Entra ID
This document provides step-by-step instructions to create a Netskope SCIM app on Microsoft Entra ID for provisioning users to your Netskope tenant.
Microsoft Entra ID provisioning via SCIM can sync Users and Groups which also includes Users within the groups (nested groups not supported by Azure SCIM).
Before Your Begin
Ensure that you have the following before you begin creating the Netskope SCIM app.
-
Global admin access to Microsoft Entra ID admin console.
-
Obtain the SCIM Base URL and SCIM token from your tenant.
Microsoft Entra ID provisioning does not support assigning apps to nested groups.
Creating Netskope SCIM App on Microsoft Entra ID
Log in to your Microsoft Entra admin center (https://entra.microsoft.com) with global admin credentials and follow these steps:
-
Go to Applications > Enterprise Applications. Click New Application.
-
Search for Netskope User Authentication.
-
Enter a Name, for example, Netskope User Provisioning, and click Create.
-
Click Provision User Accounts.
-
Click Get Started.
-
Select Provisioning Mode as Automatic and enter the following:
-
Netskope Tenant SCIM Server URL details
-
Netskope Token for SCIM Client details.
-
Ensure the connection is successfully tested before saving the configuration; otherwise, an error will occur during the save process.
-
-
In the Entra admin center, Click Save.
-
Next set Provisioning Status to ON and click Save.
The Default SCIM Mappings and Provisioning Scopes are listed under Mappings. You can click on the mappings to view details.
-
Under the Settings tab, if required select the option to send email notifications (optional) and set the scope to Sync only assigned users and groups.
-
Next, add users and groups to provision to the Netskope tenant. Select Users and Groups and select Add user.
-
Select Users and Groups and then select the users and groups from the list and click Select.
-
Go back to the SCIM app Overview section to monitor the provisioning status.
Entra initial sync, for SCIM Provisioning interval, is 40 minutes
-
Click View Audit Logs to view all account related events and click Provisioning Logs to view account provisioning status.
-
Check Microsoft Entra ID provisioned users in the Netskope UI under Settings > Security Cloud Platform > Users.
-
Check Microsoft Entra ID provisioned groups in the Netskope UI under Settings > Security Cloud Platform > Groups.
-
The Microsoft Entra ID provisioned Users & Groups will also be available for selection in Real-time Protection
The SCIM configuration is complete.