User Provisioning with OKTA
This topic illustrates integration with Okta for provisioning users via SCIM. The integration workflow includes configuring provisioning parameters in the Okta tenant.
Ensure that you have configured a REST API v2 token before proceeding. The workflow consists of the following steps:
- Configuring Netskope SCIM Provisioning in Okta
- Validating SCIM Provisioning Configuration
Configuring Netskope SCIM Provisioning in Okta
This section illustrates the steps for configuring the Netskope User Enrollment app in the Okta tenant. The Netskope User Enrollment App in Okta combines both user authentication and enrollment functionality for inline access methods and is also responsible for provisioning the Okta-sourced users and groups into the Netskope Platform.
- Log in to the Okta admin UI and access the admin section by clicking the Admin button in the page header.
- Go to Applications > Applications. In the Applications page, click Browse App Catalog, search for Netskope, and select the Netskope User Enrollment app.
- Click Add Integration in the Add Netskope User Enrollment page.
- Give a name (Application Label) for this app. For example: Netskope SAML Auth. Select Do Not Display Application Icon to Users. As the Netskope User Enrollment App is strictly for User Provisioning and Authentication, it is not an application users will need to interact with from their Okta Dashboard. Click Done.
- Go to the Provisioning tab and click the Configure API Integration button.
- Select the Enable API Integration option.
- In the API Token, copy and paste the v2 token generated in the Generating Netskope REST API v2 Token and SCIM URL section.
- In the Base URL, enter the new REST API v2 URL: https://<tenant-name>.goskope.com/api/v2/scim. Take note of the new URL format https://<tenant-name>.goskope.com/api/v2/scim as part of REST API v2.
- Select the Import Groups checkbox if there is a requirement for group linking. More on the topic can be found here and here.
- Select Test API Credentials before proceeding to Save. You should receive a Netskope User Enrollment was verified successfully! message.
- Click Save.
- On the Provisioning tab > To App, ensure that you select Create Users, Update User Attributes, and Deactivate Users to complete the Netskope and Okta Lifecycle management capabilities.
- Navigate to the Assignments tab and Assign test users and/or groups. If managing users by group is a requirement in Netskope, ensure that you navigate to the Push Groups tab and push appropriate groups to Netskope.
Validating SCIM Provisioning Configuration
At this stage, it’s best to select a test group and users to ensure identities are provisioned within Netskope. To validate if the users/groups were created successfully, do the following:
- Log in to your Netskope tenant.
- Go to Settings > Security Cloud Platform > Netskope Client. Select both Users and Groups and validate both were created successfully.
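The comparison in the steps above can also be scripted. The following Python is an added example, not part of the Netskope or Okta documentation: it checks the test users and groups assigned in Okta against SCIM 2.0 ListResponse bodies (RFC 7644) and reports missing or inactive users, missing groups, and missing group members. It assumes the Users and Groups listings under the SCIM Base URL use that standard format; the sample bodies, user names and group name are constructed, and fetching the bodies is left out.

```python
import json

# Constructed sample SCIM 2.0 ListResponse bodies (RFC 7644); not real tenant output.
USERS_JSON = """{"schemas": ["urn:ietf:params:scim:api:messages:2.0:ListResponse"],
  "totalResults": 2, "Resources": [
    {"id": "u1", "userName": "alice@example.com", "active": true},
    {"id": "u2", "userName": "bob@example.com", "active": false}]}"""
GROUPS_JSON = """{"schemas": ["urn:ietf:params:scim:api:messages:2.0:ListResponse"],
  "totalResults": 1, "Resources": [
    {"id": "g1", "displayName": "netskope-pilot", "members": [{"value": "u1"}]}]}"""
LIST_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:ListResponse"

def resources(body):
    """Parse a SCIM ListResponse and return its Resources, rejecting other payloads."""
    doc = json.loads(body)
    if LIST_SCHEMA not in doc.get("schemas", []):
        raise ValueError("not a SCIM ListResponse")
    items = doc.get("Resources", [])
    if doc.get("totalResults", len(items)) > len(items):
        raise ValueError("paged response: fetch remaining pages before validating")
    return items

def validate(users_body, groups_body, expected_users, expected_groups):
    """Compare what Okta should have pushed with what the SCIM side reports.
    expected_groups maps a pushed group name to the set of member userNames."""
    users = {u["userName"].lower(): u for u in resources(users_body)}
    by_id = {u["id"]: name for name, u in users.items()}
    groups = {g["displayName"]: g for g in resources(groups_body)}
    findings = []
    for name in sorted(n.lower() for n in expected_users):
        if name not in users:
            findings.append(("missing_user", name))
        elif not users[name].get("active", False):
            # Deactivate Users is enabled, so an assigned user should be active.
            findings.append(("inactive_user", name))
    for gname in sorted(expected_groups):
        if gname not in groups:
            findings.append(("missing_group", gname))
            continue
        # Group members reference users by SCIM id; map them back to userNames.
        present = {by_id.get(m["value"]) for m in groups[gname].get("members", [])}
        for member in sorted(m.lower() for m in expected_groups[gname]):
            if member not in present:
                findings.append(("missing_member", f"{gname}:{member}"))
    return findings
```

An empty result means every expected test identity was provisioned and is active; any finding points at an assignment or Push Groups step to recheck in Okta.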