Netskope Help

User Provisioning with Azure AD

This document provides step-by-step instructions to create a Netskope SCIM app on Azure AD for provisioning users to your Netskope tenant.


Before You Begin

Ensure that you have the following before you begin creating the Netskope SCIM app.

  • Global admin access to the Azure AD admin console.

  • The SCIM Base URL and SCIM token from your tenant.

Note

Azure AD does not support assigning apps to nested groups.

Creating Netskope SCIM App on Azure AD

Log in to your Azure AD admin console with global admin credentials and follow these steps:

  1. Go to Azure Active Directory > Enterprise Applications. Click New Application.

  2. Search for netskope and select Netskope User Authentication from the list.

  3. Enter a Name: Netskope SCIM and click Add.


    A message will be displayed that the application was added successfully.

  4. Click Provision User Accounts.

  5. Click Get Started.

  6. Select Provisioning Mode as Automatic.

    Enter Netskope Tenant SCIM Server URL details.

    Enter Netskope OAUTH Token for SCIM Client details.

    Click Test Connection.

    Note: The connection test must succeed before you save the configuration; otherwise, you will get an error during save.

    In the Netskope tenant, you can check that the Last Used Time gets updated.
  7. Click Save.

  8. Next, set Provisioning Status to ON.

    Click Save.

    Note

    The Default SCIM Mappings and Provisioning Scopes are listed under Mappings; refresh the page to view them. The mapping attributes are fixed and should not be changed. You can click on the mappings to view details.
  9. Add Azure users and groups to sync to the Netskope tenant.

    Select Users and Groups and select Add user.

  10. Select Users and Groups and then select the users and groups from the list.

    Click Select.

  11. The selected user and group will be listed.
  12. Go back to the Provisioning section.

    Important

    Azure SCIM Provisioning interval is 40 minutes.

    [Screenshots: provisioning status at Initial Sync and after 40 minutes]
  13. Click View Audit Logs to view synchronization events, which can be used for troubleshooting issues.

  14. Check Azure users in the Netskope UI under Settings > Security Cloud Platform > Users.

  15. Check Azure groups in the Netskope UI under Settings > Security Cloud Platform > Groups.


    Azure SCIM can sync:

    1. Users

    2. Groups, including the users within those groups (nested groups are not supported by Azure SCIM).

  16. The Azure Users & Groups will also be available for selection in Real-time Protection Policies.


The SCIM configuration is complete.
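
The note under Before You Begin and the sync list in step 15 both say nested groups are not supported, so this added example assumes only a group's direct user members are in scope for provisioning. It is not Netskope or Microsoft code: it walks constructed membership data, shaped like Microsoft Graph group-member listings, and reports users who sit only in nested groups and would be missed; all group IDs, user IDs and function names are hypothetical.

```python
# Added example: constructed data shaped like Microsoft Graph group-member
# listings (only "@odata.type" and "id" are used). All IDs are hypothetical.
USER, GROUP = "#microsoft.graph.user", "#microsoft.graph.group"

MEMBERS = {  # group id -> direct members (constructed sample)
    "g-sales": [
        {"@odata.type": USER, "id": "u-alice"},
        {"@odata.type": GROUP, "id": "g-emea"},
    ],
    "g-emea": [
        {"@odata.type": USER, "id": "u-bob"},
        {"@odata.type": GROUP, "id": "g-sales"},  # cycle back to the parent
        {"@odata.type": GROUP, "id": "g-contract"},
    ],
    "g-contract": [{"@odata.type": USER, "id": "u-carol"}],
    "g-it": [{"@odata.type": USER, "id": "u-carol"}],
}


def direct_users(group_id, members=MEMBERS):
    """Users that are direct members of group_id (assumed to be in scope)."""
    return {m["id"] for m in members.get(group_id, []) if m["@odata.type"] == USER}


def nested_users(group_id, members=MEMBERS):
    """Users reachable only through child groups of group_id (cycle-safe)."""
    seen, stack, found = {group_id}, [group_id], set()
    while stack:
        for m in members.get(stack.pop(), []):
            if m["@odata.type"] == GROUP and m["id"] not in seen:
                seen.add(m["id"])
                stack.append(m["id"])
                found |= direct_users(m["id"], members)
    return found - direct_users(group_id, members)


def provisioning_gaps(assigned_groups, assigned_users=(), members=MEMBERS):
    """Return (in_scope, missed): users covered by the app assignment, and
    users present only via nesting who are not covered any other way."""
    in_scope = set(assigned_users)
    for g in assigned_groups:
        in_scope |= direct_users(g, members)
    missed = set()
    for g in assigned_groups:
        missed |= nested_users(g, members)
    return in_scope, missed - in_scope
```

Users reported as missed need a direct assignment, or their group assigned to the app directly, before group-based Real-time Protection policies can reference them.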