Netskope with Okta SCIM Provisioning
The Netskope SCIM app allows you to provision users and user groups using Okta. This document explains how to integrate with Okta to provision users in the Netskope cloud. This configuration allows users to enroll their endpoints into their tenant via SAML and enables provisioning and deprovisioning via SCIM. Netskope supports the following provisioning features:
- Push New Users and User Groups
When a user or user group is created in Okta or a new user or user group is created in AD and uploaded to Okta, the user is automatically provisioned in the Netskope tenant.
- Push User Deactivation
When a user who exists in Okta and is provisioned in the Netskope tenant is deactivated by Okta, the user is deactivated in the Netskope tenant as well.
- Reactivate user
When a user in the Netskope tenant who is identified by the same user-id in Okta, or a user that was created and provisioned in the Netskope tenant by Okta, is activated, the user is reactivated in the Netskope tenant.
- Netskope supports only the SCIM 2.0 protocol.
- Ensure that you have provisioned all users before pushing the respective user group.
- Okta does not support assigning apps to nested groups.
To integrate Okta with the Netskope cloud, you will need:
- An Okta admin account.
- Your Netskope SCIM Server URL and OAuth Token. These are required to establish a connection between your Okta account and the Netskope cloud.
- Get your Netskope SCIM server URL and OAuth token.
- Create a SCIM 2.0 app in the Okta admin console.
- Configure Netskope SCIM app with sign-on and user-attribute options.
- Assign users to the Netskope SCIM app.
- Validate the Netskope app.
Get your Netskope SCIM Server URL and OAuth Token
- Log in to your Netskope tenant and go to Settings > Tools > Directory Tools.
- In the Directory Tools page, select the SCIM Integration tab to create OAuth tokens for all your vendors.
- Enter a name for the New OAuth Token and click Generate Token.
- The token is shown on the SCIM Integration Dashboard; copy it for later use. The dashboard also shows further information such as Last Used Time.
Create the Netskope User Enrollment App in Okta
The first step towards integrating Okta with Netskope is to create and configure a Netskope app as a SCIM application in your Okta account.
- Log in to your Okta account admin console.
- In the admin console, go to Applications > Browse App Catalog and search for the Netskope User Enrollment App.
- Click Add Integration.
- Enter an Application Label and click Done.
Configure the Netskope SCIM App
- On the App Provisioning page, click Configure API Integration.
- Enter the Base URL and API Token from the Netskope SCIM Integration page in the API Integration tab.
- Click Save and Test API Credentials before saving.
- In the Provisioning tab, select To App from the left-hand-side options, and click the Edit button for Provisioning to App. Enable the following:
  - Create Users
  - Update User Attributes
  - Deactivate Users
- Click Save.
Add/Assign User and User Group to the Netskope User Enrollment App
- In the Assignments tab, click Assign and select Assign to People.
- Select the user to be assigned and click Assign.
- Select the groups to be assigned and click Assign.
- To push groups, select the Push Groups tab.
- Click Find Groups by Name.
- Search for the group to be added to the app and click Save.
- When added successfully, the user group will display an Active status.
Validate the Netskope App
To verify if the users are provisioned in the Netskope cloud from Okta, do the following:
- Log in to your Netskope cloud account.
- Go to Settings > Security Cloud Platform > Groups to check if the group has been pushed with the assigned users.
- Check in the Okta Dashboard for the same Group.
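The validation above is done by eye in the two consoles. As an added example (not Netskope or Okta code), the same comparison can be scripted over SCIM 2.0 ListResponse documents to confirm that deactivations took effect and that no group was pushed before its users. It assumes the Users and Groups listings have already been retrieved from the SCIM server and that a set of active Okta usernames is available; the function name and all sample data are constructed.

```python
# Added example, not vendor code. Names and sample data are constructed/hypothetical.
LIST_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:ListResponse"

def audit_scim(users_resp, groups_resp, idp_active):
    """Compare SCIM 2.0 ListResponse dicts with the IdP's set of active userNames."""
    for resp in (users_resp, groups_resp):
        if LIST_SCHEMA not in resp.get("schemas", []):
            raise ValueError("not a SCIM 2.0 ListResponse")
        # A paginated response would make the audit silently incomplete.
        if resp.get("totalResults", 0) > len(resp.get("Resources", [])):
            raise ValueError("truncated page: fetch all pages before auditing")

    idp = {name.lower() for name in idp_active}
    users = {u["id"]: u for u in users_resp.get("Resources", [])}
    # 'active' is optional in SCIM; treat a missing value as active (conservative).
    scim_active = {u["userName"].lower() for u in users.values() if u.get("active", True)}

    return {
        # Deactivated (or removed) in the IdP but still active downstream.
        "stale_active": sorted(scim_active - idp),
        # Active in the IdP but not active downstream (create/reactivate not applied).
        "missing_in_scim": sorted(idp - scim_active),
        # Group members that reference no provisioned user (group pushed before users).
        "orphan_members": sorted(
            (g.get("displayName", g["id"]), m["value"])
            for g in groups_resp.get("Resources", [])
            for m in g.get("members", [])
            if m["value"] not in users
        ),
    }

# Constructed sample data.
SAMPLE_USERS = {"schemas": [LIST_SCHEMA], "totalResults": 3, "Resources": [
    {"id": "u1", "userName": "alice@example.com", "active": True},
    {"id": "u2", "userName": "bob@example.com", "active": False},
    {"id": "u3", "userName": "carol@example.com", "active": True},
]}
SAMPLE_GROUPS = {"schemas": [LIST_SCHEMA], "totalResults": 1, "Resources": [
    {"id": "g1", "displayName": "Engineering",
     "members": [{"value": "u1"}, {"value": "u3"}, {"value": "u9"}]},
]}
SAMPLE_IDP_ACTIVE = {"alice@example.com", "dave@example.com"}

if __name__ == "__main__":
    for finding, items in audit_scim(SAMPLE_USERS, SAMPLE_GROUPS, SAMPLE_IDP_ACTIVE).items():
        print(finding, items)
```

An empty result in all three lists means the SCIM side matches the identity provider; any entry under stale_active is an account that should have been deactivated.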