Good morning @Aki,

I'd start by verifying the SCIM key and URL are both valid by performing a get user call using the SCIM API.   You can find the exact calls in our Postman collection here:

https://documenter.getpostman.com/view/7998136/SVfNwVFT?version=latest#intro

If that fails then you may need to issue another SCIM key and validate the URL.  If that succeeds, then I'd suggest opening a case with Netskope support with the diagnostic log bundle which can be generated by following the commands here:

https://docs.netskope.com/en/generate-diagnostic-logs.html

I hope this helps but if you have any followup questions please don't hesitate to ask. 

@Aki my apologies for the delay here as I typed up a response but failed to actually post it.   I did some digging on your error message.  Can you confirm that the tenant you're testing with is licensed for Advanced UEBA and that REST API v2 is enabled?  Do you have a key defined for the proper endpoints for UEBA? If so, I would validate that the key and URL are working by running a query against your tenant via our public Postman collection or via your own API tools.  This will confirm the validity of both the token and URL.  If that fails, I would issue another SCIM token (this will not revoke your old one).  If the Postman call succeeds, then I'd run the API call for listing SCIM users directly from the Cloud Exchange.  This will validate if the Cloud Exchange has proper connectivity to the Netskope management plane and the validity of the token and URL.  Once validated, please open a case with Netskope support if the issue persists as there may be an issue with Cloud Exchange or APIs that we need to investigate. 

Thank you for your comment.
Apologies for the delay in responding.

We have confirmed it is API permissions issue.
In APIv2, by enabling some write permissions, it worked fine.
Thanks for the comment.

Thank you very much.