Admin Account Domains
Admin accounts can only be created from the domains your Netskope admin specifies in the Admin Domains list below. This applies for both RBAC V1 and V2.
PREREQUISITES
You must first ensure any new admins you create have email addresses with domains added here in your Admin Account Domains list. To learn more: Create Administrators
Ensure the domains used for SSO/SLO Settings have email addresses with domains added here in your Admin Account Domains list. To learn more: SSO Settings
Existing user domains are automatically imported by the system during set-up. Therefore you may see some domains pre-populated in your Admin Account Domains list.
To define an admin account domain, follow the steps below:
Navigate to Settings > Administration > Internal Domains.
Click Edit and enter the domains. Enter one domain name per line. You can use wild card (*), for example, *.example.*. In addition, if you add “*.domain.com” in the Admin Account Domains, then any admin with domains like test.domain.com, test.newdomain.domain.com is allowed.
Supported formats:
*.domain.com (can be any length after *. ) e.g., test1.domain.com, test2.domain.com
domain.test.* (can be any length before .* ) e.g., domain.test.com, domain.test.br
domain.*.com (can be any length before and after .*. ) e.g., domain.domain2.com, domain.domain3.com
*.test.domain.* (can be any length between *. and .* ) e.g., domain.test.domain.com, domain-test.test.domain.ac.in
Click Save.
You must configure at least one Admin Account Domain or the following coaching message appears on your dashboard page.
AUDIT LOG
Navigate to Settings > Administration > Audit Log to view activity details for users.
The 'Activity' column shows general activity such as log in info, log out info, and upon account creation the admin role assigned to the new account, etc.
Click Activity column > View Details to see more details regarding the changes made by the admin. Details include the admin account that changed the settings, the before and after setting change, etc.
RBAC PRIVILEGES
Navigate to Settings > Administration > Roles to ensure admins have the correct privilege level. The following applies to both RBAC V1 and V2:
Users with "None" permissions will not see the Internal Domains page.
Users with "View" or "View Only" permissions will be able to view the Internal Domains page but cannot edit the Admin Account Domains or Internal Domains sections.
If you migrate from RBAC V1 to RBAC V2, permissions for the Admin and Internal Domains remains unchanged for all the custom roles. This is done by the system migration automatically.
If you are currently running RBAC V2, the Internal Domains are added to your custom and pre-defined roles with the permissions matching the Administration page settings. This is done by the system migration automatically.
Existing Next Gen CASB API users using custom roles must manually update the Internal Domains page access settings in the respective RBAC custom roles.
RBAC V1: Administrators must have "View and Manage" enabled.
RBAC V2: Administrators must have Page Permissions > Settings > Administration > Internal Domains > Manage enabled.