Netskope Help

Provisioning Users for Netskope Client

One of the crucial steps towards deploying client in your environment is importing your users into your Netskope tenant. Netskope Cloud Platform leverages its own directory to apply security policies across all deployment modes and operating systems. For this reason, it is mandatory to populate user and groups as described in this article,

The following are the supported methods to import users into your Netskope tenant.

Import Methods and Supported User Attributes

Import Method

UPN

Email ID

First Name, Last Name

Groups

OU

Custom Attributes

Notes

Manual Entries

No

Yes

No

No

No

No

This option is recommended only when adding a small number of users manually.

Bulk Upload via CSV file

No

Yes

Yes

No

No

No

This option is recommended only when adding a small number of users manually.

SCIM

Yes (userName)

Yes

Yes

Yes

No

No

Recommended option for large size deployment.

Directory Importer

Yes

Yes

Yes

Yes

Yes

Yes

Note

Email ID and UPN is a mandatory field during user import.

  • Email ID is mandatory in all deployment modes because it represent the user identity across the Netskope Secure Cloud Platform.

  • UPN is mandatory for transparent deployment of Netskope Client and is highly recommended.

Manual Entries or Bulk Upload

In this method you can do single or bulk import of users manually via the Tenant UI or using a CSV file. To import users:

  1. Login to your tenant with admin credentials.

  2. Go to Settings > Security Cloud Platform > Users (under Netskope Client).

  3. In the users page, click Add Users to start adding users.

  4. In the Add Users pop-up box, you can either add user emails as comma separated values or upload a CSV file with user details. The CSV file must have data in the following format.

    email (required), last name (optional), and first name (optional)

Using SCIM App

System for Cross-domain Identity Management (SCIM) defines a standard for exchanging identity information across different cloud app vendors. The objects that are exchanged using SCIM are called resources (like user resource, group resource etc). The purpose of SCIM is to automate the exchange of user identity information across apps for user provisioning.

Netskope SCIM implementation follows the RFC 7643 & 7644 standards and support SCIM calls from IDPs that follows the same SCIM RFC standards. The following are the list of Netskope supported SCIM calls:

GET

POST

DEL

PATCH

  • List all Users

  • Get User by SCIM ID

  • List all Groups

  • Get Group by SCIM ID

  • Create User

  • Create Group

  • Delete User

  • Delete Group

  • Add User to Group

  • Remove User to Group

  • Toggle Active

To watch a video about Azure AD SCIM provisioning, click play.

 

To watch a video about Okta SCIM provisioning, click play.

 

For more information on using Netskope SCIM app to import users, click here.

Using Directory Importer

Directory Importer connects to all the domain controllers (DC) selected in the Select Domains dialog box if the selected Directory Service is Active Directory; otherwise, Directory Importer connects to the LDAP server configured and periodically fetches user and group information to post that info to your tenant instance in the Netskope cloud. Customers that are using Secure Forwarder and or the Netskope Client can utilize user and group membership information to send invites for Netskope Client installation and to configure cloud app policies.

To watch a video about how you can use email identifiers to import users, click play.

 

For more details on using Directory Importer, click here.