
This one is more for my tech partners than for customers. If you tie your IdP into your Netskope tenant, you would never do this; it is really just for a lab environment. It creates users and groups that you can then use in policy.

 

Create API token for SCIM

Go to Settings > Tools > REST API v2 > New Token

 


 

Create an API token that has the two SCIM endpoints added.


 

With the token copied and stored somewhere, go to API Documentation.


 

Add the token under Authorize.


 

In the SCIM section, use the APIs to view and create the users/groups.


 

Adding a user

Start by adding the user. Be sure to change the userName.

POST /api/v2/scim/Users

{
  "schemas": [
    "urn:ietf:params:scim:schemas:core:2.0:User"
  ],
  "userName": "taylorkelce",
  "name": {
    "familyName": "kelce",
    "givenName": "taylor"
  },
  "active": true,
  "emails": [
    {
      "value": "taylor@eras.tour",
      "primary": true
    }
  ],
  "externalId": "User-Ext_id",
  "meta": {
    "resourceType": "User"
  }
}

 

Search for your user. You will need their id.

GET /api/v2/scim/Users

 

{"schemas": ["urn:ietf:params:scim:api:messages:2.0:ListResponse"], "totalResults": 1, "itemsPerPage": 1, "startIndex": 1, "Resources": [{"id": "fd263a78-cb5b-4319-b9c8-08e9b4f8716f", "externalId": "User-Ext_id", "userName": "taylorkelce", "active": true, "name": {"givenName": "taylor", "familyName": "kelce"}, "emails": [{"type": "work", "value": "taylor@eras.tour", "primary": true}]}]}


 

Adding a new group

Create a new group if you need a new one. Add your new user to this group. 

POST /api/v2/scim/Groups


 

{
  "schemas": [
    "urn:ietf:params:scim:schemas:core:2.0:Group"
  ],
  "displayName": "quality_assurance",
  "members": [
    {
      "value": "fd263a78-cb5b-4319-b9c8-08e9b4f8716f"
    }
  ],
  "externalId": "Group-Ext_id",
  "meta": {
    "resourceType": "Group"
  }
}


 

Creating the group returns output like this:

Group id - cd63742b-da96-46fb-bfab-70270b02e372

User id - fd263a78-cb5b-4319-b9c8-08e9b4f8716f

{
  "displayName": "quality_assurance",
  "externalId": "Group-Ext_id",
  "id": "cd63742b-da96-46fb-bfab-70270b02e372",
  "members": [
    {
      "value": "fd263a78-cb5b-4319-b9c8-08e9b4f8716f"
    }
  ],
  "meta": {
    "resourceType": "Group"
  },
  "schemas": [
    "urn:ietf:params:scim:schemas:core:2.0:Group"
  ]
}

 

Adding a user to a group

PATCH /api/v2/scim/Groups/{id}

 

Grab the user id from when you created the new user, and use it together with the group id in the PATCH API.


 

PATCH adding the user

 

{
  "schemas": [
    "urn:ietf:params:scim:api:messages:2.0:PatchOp"
  ],
  "Operations": [
    {
      "path": "members",
      "op": "add",
      "value": {
        "value": {
          "value": "b7168e4f-44ca-4c00-9890-b1236ee4bc93"
        }
      }
    }
  ]
}

 

Use the GET /api/v2/scim/Groups/{id}?attributes=members to view results.


 

{
  "displayName": "quality_assurance",
  "externalId": "Group-Ext_id",
  "id": "cd63742b-da96-46fb-bfab-70270b02e372",
  "members": [
    {
      "display": "taylor@eras.tour",
      "type": "User",
      "value": "41a61f55-07d2-482a-8b29-1e8dd9107ee4"
    },
    {
      "display": "travis@eras.tour",
      "type": "User",
      "value": "b7168e4f-44ca-4c00-9890-b1236ee4bc93"
    }
  ],
  "meta": {
    "resourceType": "Group"
  },
  "schemas": [
    "urn:ietf:params:scim:schemas:core:2.0:Group"
  ]
}
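The steps above chained into one flow, as an added example that is not code from the original post. The send callable is a hypothetical transport the caller supplies (it owns the tenant URL and the API token), and FakeTenant is a constructed in-memory stand-in whose behaviour, including returning members only when ?attributes=members is requested, is an assumption.

```python
import uuid

GROUP = "urn:ietf:params:scim:schemas:core:2.0:Group"
PATCH_OP = "urn:ietf:params:scim:api:messages:2.0:PatchOp"

def find_user_id(listing, user_name):
    """Return the id of the single user with this userName; refuse ambiguity."""
    hits = [r["id"] for r in listing.get("Resources", [])
            if r.get("userName") == user_name]
    if len(hits) != 1:
        raise LookupError(f"expected one user {user_name!r}, found {len(hits)}")
    return hits[0]

def provision(send, user, group_name):
    """send(method, path, body) -> dict is hypothetical; the caller supplies URL and token."""
    send("POST", "/api/v2/scim/Users", user)
    uid = find_user_id(send("GET", "/api/v2/scim/Users", None), user["userName"])
    gid = send("POST", "/api/v2/scim/Groups", {
        "schemas": [GROUP], "displayName": group_name,
        "externalId": "Group-Ext_id", "meta": {"resourceType": "Group"}})["id"]
    # PATCH body keeps the nesting of the example on this page.
    send("PATCH", f"/api/v2/scim/Groups/{gid}", {
        "schemas": [PATCH_OP], "Operations": [
            {"path": "members", "op": "add", "value": {"value": {"value": uid}}}]})
    group = send("GET", f"/api/v2/scim/Groups/{gid}?attributes=members", None)
    if uid not in [m["value"] for m in group.get("members", [])]:
        raise RuntimeError("PATCH returned but the user is not in the group")
    return uid, gid

class FakeTenant:
    """Constructed in-memory stand-in for a lab tenant, so the flow runs offline."""
    def __init__(self):
        self.users, self.groups = {}, {}
    def send(self, method, path, body):
        path, _, query = path.partition("?")
        kind, _, rid = path.split("/scim/", 1)[1].partition("/")
        store = self.users if kind == "Users" else self.groups
        if method == "POST":
            created = dict(body, id=str(uuid.uuid4()))
            store[created["id"]] = created
            return created
        if method == "PATCH":
            for op in body["Operations"]:
                store[rid].setdefault("members", []).append(op["value"]["value"])
            return store[rid]
        if rid:  # GET one resource; members only on request (assumed behaviour)
            return {k: v for k, v in store[rid].items()
                    if k != "members" or "attributes=members" in query}
        return {"Resources": list(store.values()), "totalResults": len(store)}
```

Pass the POST /api/v2/scim/Users body from this page as user; provision raises instead of returning if the userName is ambiguous or the membership cannot be confirmed.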

 

Great tut, except group members are not returned in the SCIM API v2.


You now have to use the GET /api/v2/scim/Groups/{id}?attributes=members to see the users in the group.


You now need to use the GET /api/v2/scim/Groups/{id}?attributes=members to view results.

