Configure Netskope Directory Importer
Configure Netskope Directory Importer
You will need the Addon URL copied from the Directory Tools page (Settings > Tools > Directory Tools > On-Prem Integration) when you installed the Directory Importer to complete these steps.
- Launch the Netskope Adapter Configuration Utility icon on your system.
- Enter and select these parameters:
- UserInfo URL: Enter the Addon URL.
- Directory Service: Select Other Directory Services.
- Connect to Directory Services using SSL: Enable this checkbox.
- Select Set Attributes.
- Enter LDAP parameters to connect to the JumpCloud LDAP Directory.
- Server Name:
ldap.jumpcloud.com Port: 636
- Base DN:
ou=Users,o=<Jumpcloud Org ID>,dc=jumpcloud,dc=com
- Username:
uid=<insert service account name from Jumpcloud>,ou=Users,o=<JumpCloud Org ID>,dc=jumpcloud,dc=com
- Password: Enter the password generated in Jumpcloud.
Tip
The JumpCloud Organization ID can be found in the Administrator Portal > Settings > Organization Settings
- Server Name:
- Select Test Connection. If this does not succeed. Validate your username and password are correct. Also ensure your Organization ID is correct.
If the test continues to fail, open Event Viewer on the Window Machine in Summary Page Events.
If you see Event ID: 36884. Follow the steps from here: https://support.microsoft.com/en-us/help/2275950/an-error-occurs-when-you-try-to-establish-ssl-connections-to-the-nodes
- When the test is successful you can select attributes.
- Fill in the details as shown below and click Apply and Close to go back to the main screen.
- Select Advanced Settings and set Log Level to Debug.
- Click Apply and Close.
- Select Dynamic Groups.
Note
The DN attribute is not available in JumpCloud Identity Schema, which is required by Directory Importer to map users and groups. This method is used to get both users and groups provisioned into the tenant with dynamic group mapping.
- Here’s an example shows a custom group which will add all users to a custom group
- Dynamic Group Name:
alljumpcloudusers
. - LDAP Query: (
&(objectClass=inetOrgPerson))
- Click Test
The test should come back valid.
- Dynamic Group Name:
- Click Add
- The query gets added to the list
- Here’s an example of adding a group name that was present in the JumpCloud Directory and map members to the group name.
- Dynamic Group Name:
TestLDAP
- LDAP Query:
(&(objectClass=inetOrgPerson)(memberOf=cn=TestLDAP,ou=Users,o=<JumpCloud Organization ID>,dc=jumpcloud,dc=com))
- Click Test
Note
Repeat this step for all the Groups you want to import to Netskope.
- Dynamic Group Name:
- Click Add.
- Click Apply and Close.
- Click OK.
- Edit the NSADImporterConfig.json file located under
C:Program FilesNetskopeNSAdaptersADImporter
. - Ensure the attributes highlighted in blue below match your config. Also, make a copy of the config before making any changes.
- Launch
Services.msc
console and restart the Netskope Directory Importer Service. - Open the log file at
C:UsersPublicNetskopensADImporterLog.log
.You can view details of users and groups being fetched and provisioned into the tenant
- Log into the Netskope tenant
- Go to Settings > Security Cloud Platform > Users.
- When you select the users, the group memberships are shown.
- Go to Settings > Security Cloud Platform > Groups.
- When you select the groups, the members are shown.
- The users and groups will now be available in the Real-time Protection policy.