Provisioning Users for Netskope Client
One of the crucial steps towards deploying client in your environment is importing your users into your Netskope tenant. Netskope Cloud Platform leverages its own directory to apply security policies across all deployment modes and operating systems. For this reason, it is mandatory to populate user and groups as described in this article.
The following are the supported methods to import users into your Netskope tenant.
Import Methods and Supported User Attributes
Import Method | UPN | Email ID | First Name, Last Name | Groups | OU | Custom Attributes | Notes |
|---|---|---|---|---|---|---|---|
Manual Entries | No | Yes | No | No | No | No | This option is recommended only when adding a small number of users manually. |
Bulk Upload via CSV file | No | Yes | Yes | No | No | No | This option is recommended only when adding a small number of users manually. |
SCIM | Yes (userName) | Yes | Yes | Yes | No | No | Recommended option for large size deployment. |
Directory Importer | Yes | Yes | Yes | Yes | Yes | Yes |
Note
Email ID and UPN is a mandatory field during user import.
Email ID is mandatory in all deployment modes because it represent the user identity across the Netskope Secure Cloud Platform.
UPN is mandatory for transparent deployment of Netskope Client and is highly recommended.
Manual Entries or Bulk Upload
In this method you can do single or bulk import of users manually via the Tenant UI or using a CSV file. To import users:
Login to your tenant with admin credentials.
Go to Settings > Security Cloud Platform > Users (under Netskope Client).
In the users page, click Add Users to start adding users.
In the Add Users pop-up box, you can either add user emails as comma separated values or upload a CSV file with user details. The CSV file must have data in the following format:
email(required),last name(optional), andfirst name(optional)
Using SCIM App
System for Cross-domain Identity Management (SCIM) defines a standard for exchanging identity information across different cloud app vendors. The objects that are exchanged using SCIM are called resources (like user resource, group resource etc). The purpose of SCIM is to automate the exchange of user identity information across apps for user provisioning.
Netskope SCIM implementation follows the RFC 7643 & 7644 standards and support SCIM calls from IDPs that follows the same SCIM RFC standards. The following are the list of Netskope supported SCIM calls:
GET | POST | DEL | PATCH |
|---|---|---|---|
|
|
|
|
To watch a video about Okta SCIM provisioning, click play.
Using Directory Importer
Directory Importer connects to all the domain controllers (DC) selected in the Select Domains dialog box if the selected Directory Service is Active Directory; otherwise, Directory Importer connects to the LDAP server configured and periodically fetches user and group information to post that info to your tenant instance in the Netskope cloud. Customers that are using Secure Forwarder and or the Netskope Client can utilize user and group membership information to send invites for Netskope Client installation and to configure cloud app policies.
To watch a video about how you can use email identifiers to import users, click play.
For more details on using Directory Importer, click here.