Netskope and Okta SCIM Provisioning
Netskope and Okta SCIM Provisioning
This guide explains how to set up and install the Netskope User Enrollment within Okta. This configuration allows users to enroll their endpoints into their tenant via SAML, and enables provisioning and deprovisioning via SCIM.
The Netskope User Enrollment app allows you to easily provision users and user groups using Okta. Netskope supports the following provisioning features:
- Push New Users and User Groups
When a user or user group is created in Okta, or a new user or user group is created in AD and uploaded to Okta, the user is automatically provisioned in the Netskope tenant.
- Push User Deactivation
- Reactivate user
When a user existing in Okta and provisioned in the Netskope tenant is deactivated by Okta, the user is deactivated in the Netskope tenant as well.
A user in the Netskope tenant and identified by the same user-id in Okta, or a user that was created and provisioned in the Netskope tenant by Okta is activated, the user is reactivated in the Netskope tenant.
- An Okta admin account with console access.
- The SCIM Server URL and OAuth Token: This is required to establish connection between your Okta account and Netskope cloud.
Configuring Okta for the Netskope User Enrollment
This document explains how you can quickly integrate with Okta to provision users in the Netskope cloud. To integrate Okta to the Netskope cloud, you will need:
- An admin account with access to the Okta admin console.
- Create a SCIM 2.0 app in the Okta admin console.
- Configure Netskope SCIM app with sign-on and user-attribute options.
- Assign users to the Netskope SCIM app.
- Log in to your Netskope Tenant and go to Settings > Tools > Directory Tools.
- In the Directory Tools page, select SCIM Integration tab to create OAUTH tokens for all your vendors.
- Provide the Name for the New OAuth Token and Click on Generate.
- The Generate Token will be shown on the SCIM Integration Dashboard and you can copy the same for further use. Additionally, it will show further information like Last Used Time.
Creating Netskope User Enrollment App in Okta
The first step towards integrating Okta with Netskope is to create and configure the Netskope User Enrollment app as a SCIM application in the Okta account.
- Log in to your Okta account admin console.
- In the admin console, Click on Applications -> Click on Browse App Catalog -> Search for the Netskope User Enrollment App
- Click on Add Integration
- Provide the Application Label and Click on Done
Configuring Netskope SCIM App
- In the App Provisioning page, Configure the API Integration.
- Copy the Base URL and API Token from the SCIM Integration as discussed the prerequisite and paste the same in the API Integration tab.
- Click on Save and Test API Credentials before Saving.
- In the Provisioning tab, select To App from the left-hand-side options, and click Edit button for Provisioning to App. Enable the following:
- Create Users
- Update User Attributes
- Deactivate Users
- Click Save.
- In the Assignments tab, click Assign and select Assign to People.
- Select the user to be assigned and click the Assign button.
- Select the groups to be assigned and click the Assign button.
- To push groups, click the Push Groups tab.
- Click Find Groups by Name button.
- Search for the group to be added to the app and click the SAVE button
- Once added successfully, the user group will display Active status.
- Log in to your Netskope Tenant account.
- Go to Settings > Security Cloud Platform > Groups to check if the group has been pushed with those number users
- Checking the same in OKTA Dashboard for the same Group