Configure Netskope Directory Importer

You will need the Addon URL copied from the Directory Tools page (Settings > Tools > Directory Tools > On-Prem Integration) when you install the Directory Importer to complete these steps.

  1. Launch the Netskope Adapter Configuration Utility icon on your system.
  2. Enter and select these parameters:
    • UserInfo URL: Enter the Addon URL.
    • Directory Service: Select Other Directory Services.
    • Connect to Directory Services using SSL: Enable this checkbox.
    • Select Set Attributes.
  3. Enter LDAP parameters to connect to the JumpCloud LDAP Directory.
    • Server Name: ldap.jumpcloud.com
    • Port: 636
    • Base DN: ou=Users,o=<JumpCloud Org ID>,dc=jumpcloud,dc=com
    • Username: uid=<insert service account name from JumpCloud>,ou=Users,o=<JumpCloud Org ID>,dc=jumpcloud,dc=com
    • Password: Enter the password generated in JumpCloud.

    Tip

    The JumpCloud Organization ID can be found in the Administrator Portal > Settings > Organization Settings.

  4. Select Test Connection. If this does not succeed, validate that your username and password are correct. Also ensure your Organization ID is correct.

    If the test continues to fail, open Event Viewer on the Windows machine and look in Summary Page Events.

    If you see Event ID: 36884, follow the steps here: https://support.microsoft.com/en-us/help/2275950/an-error-occurs-when-you-try-to-establish-ssl-connections-to-the-nodes

    image22.png
  5. When the test is successful you can select attributes.
  6. Fill in the details as shown below and click Apply and Close to go back to the main screen.
    image23.png
  7. Select Advanced Settings and set Log Level to Debug.
  8. Click Apply and Close.
    image25.png
  9. Select Dynamic Groups.

    Note

    The DN attribute, which Directory Importer requires to map users and groups, is not available in the JumpCloud Identity Schema. Dynamic group mapping is used instead to get both users and groups provisioned into the tenant.

  10. Here is an example of a dynamic group that adds all users to a custom group:
    • Dynamic Group Name: alljumpcloudusers
    • LDAP Query: (&(objectClass=inetOrgPerson))
    • Click Test.
    image27.png

    The test should come back valid.

    image28.png
  11. Click Add.
    image29.png
  12. The query is added to the list.
    image30.png
  13. Here is an example of adding a group name that is present in the JumpCloud Directory and mapping its members to that group name:
    • Dynamic Group Name: TestLDAP
    • LDAP Query: (&(objectClass=inetOrgPerson)(memberOf=cn=TestLDAP,ou=Users,o=<JumpCloud Organization ID>,dc=jumpcloud,dc=com))
    • Click Test.
    image31.png

    Note

    Repeat this step for all the Groups you want to import to Netskope.

  14. Click Add.
    image32.png
  15. Click Apply and Close.
  16. Click OK.
  17. Edit the NSADImporterConfig.json file located under

    C:\Program Files\Netskope\NSAdapters\ADImporter.

    image34.png
  18. Ensure the attributes highlighted in blue below match your config. Also, make a copy of the config before making any changes.
    image35.png
  19. Launch Services.msc console and restart the Netskope Directory Importer Service.
    image36.png
  20. Open the log file at C:\Users\Public\Netskope\nsADImporterLog.log.

    You can view details of users and groups being fetched and provisioned into the tenant.

    image37.png
  21. Log into the Netskope tenant.
  22. Go to Settings > Security Cloud Platform > Users.
    image39.png
  23. When you select the users, the group memberships are shown.
    image40.png
  24. Go to Settings > Security Cloud Platform > Groups.
    image41.png
  25. When you select the groups, the members are shown.
    image42.png
  26. The users and groups will now be available in the Real-time Protection policy.
    image43.png
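
Step 13 has to be repeated for every group you import. The following is an added example (not part of the Netskope or JumpCloud documentation) that generates the bind DN from step 3 and the Dynamic Group queries from step 13, escaping group names that contain LDAP special characters so the query stays well formed. The organization ID, service account name and group names are constructed placeholders.

```python
import re

# RFC 4515: characters that must be escaped inside a filter assertion value.
_FILTER_ESC = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value: str) -> str:
    """Escape a string for use as a value inside an LDAP search filter."""
    return "".join(_FILTER_ESC.get(ch, ch) for ch in value)

def escape_dn_value(value: str) -> str:
    """Escape RFC 4514 specials, a leading '#'/space and a trailing space (NUL not handled)."""
    out = re.sub(r'([\\,+"<>;])', r"\\\1", value)
    if value.startswith(("#", " ")):
        out = "\\" + out
    if value.endswith(" ") and len(value) > 1:
        out = out[:-1] + "\\ "
    return out

def base_dn(org_id: str) -> str:
    return f"ou=Users,o={escape_dn_value(org_id)},dc=jumpcloud,dc=com"

def bind_dn(service_account: str, org_id: str) -> str:
    return f"uid={escape_dn_value(service_account)},{base_dn(org_id)}"

def group_query(group: str, org_id: str) -> str:
    """Build the step 13 query: DN-escape the group name, then filter-escape the whole DN."""
    group_dn = f"cn={escape_dn_value(group)},{base_dn(org_id)}"
    return f"(&(objectClass=inetOrgPerson)(memberOf={escape_filter_value(group_dn)}))"

def is_balanced(query: str) -> bool:
    """Sanity check before pasting: parentheses in the finished query must nest."""
    depth = 0
    for ch in query:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:
            return False
    return depth == 0

# Constructed sample values, not taken from a real tenant.
ORG_ID = "0123456789abcdef01234567"
GROUPS = ["TestLDAP", "Sales (EMEA)", "R&D, Ops"]

if __name__ == "__main__":
    print("Username:", bind_dn("netskope-svc", ORG_ID))
    for name in GROUPS:
        query = group_query(name, ORG_ID)
        assert is_balanced(query)
        print(f"Dynamic Group Name: {name}\nLDAP Query: {query}\n")
```
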