Netskope Help

SCIM-Based User Provisioning

System for Cross-domain Identity Management (SCIM) defines a standard for exchanging identity information across different cloud app vendors. The objects that are exchanged using SCIM are called resources (like user resource, group resource etc). The purpose of SCIM is to automate the exchange of user identity information across apps for user provisioning. 

A SCIM-enabled directory server (like Azure AD or Okta) can directly send user information to the SCIM server in Netskope cloud. This service is currently available for Microsoft Azure AD and Okta via an OAuth token authentication.

To begin integrating with SCIM authentication services, you will need to create a unique OAuth token. You can create an OAuth token from the Directory Tools page. To access this page:

  1. Go to Settings > Tools > Directory Tools.

  2. In the Directory Tools page, go to the SCIM Integration tab and click Add Token.

  3. Enter a Client Name and click Save.

Now, log in to your SCIM application account to set up an app that will post new user details to SCIM server.

To set up an application, you will need the SCIM Server URL (also known as the application endpoint URL) that is on the SCIM Integration tab on Directory Tools page.

For specific integration instructions, go to:

Follow the instructions specified for the respective applications to the app and provision users. Once complete, test the connection. If the test succeeds, the SCIM integration process is complete. For more details about SCIM integrations with Azure and Okta, go to:

Microsoft Azure Support

Netskope currently supports the following:

  • Provisioning of users.

  • Provisioning of groups.

Okta Support

Netskope currently supports the following:

  • Provisioning of users and user groups.