Netskope Help

SCIM-Based User Provisioning

System for Cross-domain Identity Management (SCIM) defines a standard for exchanging identity information across different cloud app vendors. The objects that are exchanged using SCIM are called resources (like user resource, group resource etc). The purpose of SCIM is to automate the exchange of user identity information across apps for user provisioning. 

A SCIM-enabled directory server (like Azure AD or Okta) can directly send user information to the SCIM server in Netskope cloud. This service is currently (in r50.0) available for Microsoft Azure AD and Okta via an OAuth token authentication.

To watch a video about Azure AD SCIM provisioning, click play.


To watch a video about Okta SCIM provisioning, click play.


To begin integrating with SCIM authentication services, you will need to create a unique OAuth token. You can create an OAuth token from the Directory Tools page. To access this page:

  1. Go to Settings > Tools > Directory Tools.

  2. In the Directory Tools page, go to the SCIM Integration tab and click Add Token .

  3. Enter a client name and click Save.

Now, log in to your SCIM application account to set up an app that will post new user details to SCIM server.

To set up application, you will need the SCIM Server URL (also known as the application endpoint URL). This is available in SCIM in the SCIM Directory Tools page.

Follow the instructions specified for the respective applications to the app and provision users. Once complete, test the connection. If the test succeeds, the SCIM integration process is complete.

Microsoft Azure Support

Netskope currently supports the following:

  • Provisioning of users.

  • Provisioning of groups.

Netskope currently supports the following

  • Provisioning of users and user groups.