Integrate an Identity Provider (IdP)

Integrating with an IdP (like Azure AD, Okta, etc.) is a crucial part of configuring your Netskope tenant. Users and groups within your IdP’s directory are synchronized to Netskope for use in security policies and access controls.

For example, block SSH as a protocol for every user except those in the IT, CloudOps, and SecOps teams.

This allows your IdP to become the single-source-of-truth from a security perspective once you have all of your policies defined within the Netskope portal.

See Netskope Client IdP Mode with Azure SCIM and Azure AD or ADFS SAML Auth for more details.

User Provisioning

When you onboard a new employee, you will add them to the company directory and appropriate AD/Security Groups. This information is immediately synchronized to Netskope where your security policies (based on identity attributes) are instantly enforced for that user.

These are the main methods available for synchronizing your users and groups:

  • SCIM Provisioning (recommended): This is an API link between your IdP and Netskope that automatically synchronizes user and group information.

  • Directory Importer Tool: Directory Importer is a tool, run locally, that synchronizes your directory information from your on-premises Active Directory Domain Controller to Netskope. This is only recommended if you don’t have a cloud-based identity service like Azure AD or Okta.

  • Manual Import: If you don’t operate or have a user directory or identity provider, users and groups can also be manually created within the Netskope Admin Console.

    This method should only be used if you do not have an IdP that supports SCIM.

SCIM User Provisioning

A best practice is to use the SCIM protocol (an API link between the IdP and Netskope) to synchronize users to your Netskope tenant.

System for Cross-domain Identity Management (SCIM) is a standard for automating the exchange of user identity information between identity domains, or IT systems.

SCIM is supported by all major cloud IdPs, including Azure Active Directory (Azure AD) and Okta. Click the link below for your corresponding IdP for a guide on how to integrate it with Netskope:

When completed, you can verify if your users are being synchronized to Netskope correctly by navigating to Settings > Security Cloud Platform, and clicking Users under the Netskope Client heading.


You can validate that group membership has also successfully synchronized by clicking on the username of a user to see which groups they belong to.
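The following is an added example, not Netskope’s code or part of this document: a small in-memory stand-in for the SCIM 2.0 service-provider side (the role Netskope plays when your IdP pushes users and groups) that replays a constructed sequence of provisioning requests and then answers the same two questions you verify in the console after a sync: which users exist, and which groups each belongs to. It also evaluates a constructed identity-based policy modelled on the "block SSH for everyone except IT, CloudOps and SecOps" example from the introduction. The endpoint paths, user names, group names and policy groups are assumptions for illustration; the exact SCIM attributes Netskope consumes are not specified on this page.

```python
"""
Added example (not Netskope's code): minimal SCIM 2.0 service-provider logic
(RFC 7643 User/Group resources, RFC 7644 POST/PATCH/DELETE) plus a membership
lookup and a group-based policy check. All sample data is constructed.
"""
import re
import uuid
from typing import Dict, List, Optional

USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"
GROUP_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:Group"
PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"

# Constructed policy: groups exempt from the SSH block (assumed names, not from Netskope).
SSH_EXEMPT_GROUPS = {"IT", "CloudOps", "SecOps"}

# SCIM path filter an IdP uses to remove a single member: members[value eq "<id>"]
_MEMBER_FILTER = re.compile(r'^members\[value eq "([^"]+)"\]$')


class ScimStore:
    """In-memory stand-in for the SCIM endpoint that receives IdP provisioning calls."""

    def __init__(self) -> None:
        self.users: Dict[str, dict] = {}    # server-assigned id -> User resource
        self.groups: Dict[str, dict] = {}   # server-assigned id -> Group resource

    def handle(self, method: str, path: str, body: Optional[dict] = None) -> dict:
        """Dispatch one SCIM request and return the resulting resource."""
        body = body or {}
        parts = path.strip("/").split("/")
        if method == "POST" and parts == ["Users"]:
            return self._create(self.users, USER_SCHEMA, body)
        if method == "POST" and parts == ["Groups"]:
            group = self._create(self.groups, GROUP_SCHEMA, body)
            group.setdefault("members", [])
            return group
        if method == "PATCH" and len(parts) == 2 and parts[0] == "Groups":
            return self._patch_group(parts[1], body)
        if method == "DELETE" and len(parts) == 2 and parts[0] == "Users":
            return self._delete_user(parts[1])
        raise ValueError(f"unsupported SCIM request: {method} {path}")

    def _create(self, table: Dict[str, dict], schema: str, body: dict) -> dict:
        # Reject resources that do not declare the expected core schema URN.
        if schema not in body.get("schemas", []):
            raise ValueError(f"resource is missing schema {schema}")
        resource = dict(body)
        resource["id"] = str(uuid.uuid4())   # ids are assigned by the service provider
        table[resource["id"]] = resource
        return resource

    def _patch_group(self, group_id: str, body: dict) -> dict:
        if PATCH_SCHEMA not in body.get("schemas", []):
            raise ValueError("PATCH body is not a PatchOp message")
        group = self.groups[group_id]             # KeyError behaves like a 404
        for op in body.get("Operations", []):
            kind = op.get("op", "").lower()
            if kind == "add" and op.get("path") == "members":
                current = {m["value"] for m in group["members"]}
                for member in op["value"]:
                    if member["value"] not in self.users:
                        raise ValueError(f"unknown user id {member['value']}")
                    if member["value"] not in current:
                        group["members"].append({"value": member["value"]})
                        current.add(member["value"])
            elif kind == "remove":
                match = _MEMBER_FILTER.match(op.get("path", ""))
                if not match:
                    raise ValueError(f"unsupported remove path {op.get('path')!r}")
                group["members"] = [m for m in group["members"] if m["value"] != match.group(1)]
            else:
                raise ValueError(f"unsupported PATCH operation {op!r}")
        return group

    def _delete_user(self, user_id: str) -> dict:
        # Deprovisioning removes the account and every membership that referenced it.
        self.users.pop(user_id)
        for group in self.groups.values():
            group["members"] = [m for m in group["members"] if m["value"] != user_id]
        return {}

    def groups_of(self, user_name: str) -> List[str]:
        """Group display names a synced user belongs to (what the console shows per user)."""
        ids = {uid for uid, u in self.users.items() if u.get("userName") == user_name}
        return sorted(g["displayName"] for g in self.groups.values()
                      if any(m["value"] in ids for m in g["members"]))

    def ssh_blocked(self, user_name: str) -> bool:
        """Fail closed: no account or no exempt membership means SSH stays blocked."""
        return not (set(self.groups_of(user_name)) & SSH_EXEMPT_GROUPS)


def replay_sample_sync() -> ScimStore:
    """Replay a constructed IdP provisioning sequence into a fresh store."""
    store = ScimStore()
    alice = store.handle("POST", "/Users", {"schemas": [USER_SCHEMA], "userName": "alice@example.com", "active": True})
    bob = store.handle("POST", "/Users", {"schemas": [USER_SCHEMA], "userName": "bob@example.com", "active": True})
    it_group = store.handle("POST", "/Groups", {"schemas": [GROUP_SCHEMA], "displayName": "IT"})
    sales = store.handle("POST", "/Groups", {"schemas": [GROUP_SCHEMA], "displayName": "Sales"})
    add = lambda uid: {"schemas": [PATCH_SCHEMA], "Operations": [{"op": "add", "path": "members", "value": [{"value": uid}]}]}
    store.handle("PATCH", f"/Groups/{it_group['id']}", add(alice["id"]))
    store.handle("PATCH", f"/Groups/{sales['id']}", add(bob["id"]))
    return store


if __name__ == "__main__":
    s = replay_sample_sync()
    for u in s.users.values():
        print(u["userName"], s.groups_of(u["userName"]), "ssh blocked:", s.ssh_blocked(u["userName"]))
```

The policy check deliberately treats an unknown or group-less user as blocked, which is the safe default for an allow-list built on synced membership; if a user shows up with no groups in the console after a sync, that is the symptom to chase rather than a reason to widen the exemption.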


Directory Importer

If your organization does not use a cloud IdP, you can use Netskope’s Directory Importer tool to synchronize users from your on-premises Active Directory Domain Controllers. To learn more, see Configure Directory Importer.

Manual Import

If you operate a smaller organization that has neither a cloud IdP nor an Active Directory server, Netskope also supports manual user creation via the Admin Console UI or CSV import.
