This one is more for my tech partners than for customers. If you tie your IdP into your Netskope tenant, you would never do this. This is really just for a lab environment. This will create users and groups that you can then use in policy.
Create API token for SCIM
Go to Settings > Tools > REST API v2 > New Token
Create an API token that has the two SCIM endpoints added.
With the token copied and stored somewhere, go to API Documentation.
Add the token under Authorize.
In the SCIM section, use the APIs to view and create the users/groups.
Adding a user
Start by adding the user. Be sure to change the userName.
POST /api/v2/scim/Users
{
  "schemas": [
    "urn:ietf:params:scim:schemas:core:2.0:User"
  ],
  "userName": "taylorkelce",
  "name": {
    "familyName": "kelce",
    "givenName": "taylor"
  },
  "active": true,
  "emails": [
    {
      "value": "taylor@eras.tour",
      "primary": true
    }
  ],
  "externalId": "User-Ext_id",
  "meta": {
    "resourceType": "User"
  }
}
Search for your user. You will need their id.
GET /api/v2/scim/Users
{
  "schemas": ["urn:ietf:params:scim:api:messages:2.0:ListResponse"],
  "totalResults": 1,
  "itemsPerPage": 1,
  "startIndex": 1,
  "Resources": [
    {
      "id": "fd263a78-cb5b-4319-b9c8-08e9b4f8716f",
      "externalId": "User-Ext_id",
      "userName": "taylorkelce",
      "active": true,
      "name": {"givenName": "taylor", "familyName": "kelce"},
      "emails": [{"type": "work", "value": "taylor@eras.tour", "primary": true}]
    }
  ]
}
Adding a new group
Create a new group if you need a new one. Add your new user to this group.
POST /api/v2/scim/Groups
{
  "schemas": [
    "urn:ietf:params:scim:schemas:core:2.0:Group"
  ],
  "displayName": "quality_assurance",
  "members": [
    {
      "value": "fd263a78-cb5b-4319-b9c8-08e9b4f8716f"
    }
  ],
  "externalId": "Group-Ext_id",
  "meta": {
    "resourceType": "Group"
  }
}
You will get an output from creating the group like this:
Group id - cd63742b-da96-46fb-bfab-70270b02e372
User id - fd263a78-cb5b-4319-b9c8-08e9b4f8716f
{
  "displayName": "quality_assurance",
  "externalId": "Group-Ext_id",
  "id": "cd63742b-da96-46fb-bfab-70270b02e372",
  "members": [
    {
      "value": "fd263a78-cb5b-4319-b9c8-08e9b4f8716f"
    }
  ],
  "meta": {
    "resourceType": "Group"
  },
  "schemas": [
    "urn:ietf:params:scim:schemas:core:2.0:Group"
  ]
}
Adding a user to a group
PATCH /api/v2/scim/Groups/{id}
Grab the user id from when you create a new user and use that and the group id with the PATCH API.
PATCH adding the user
{
  "schemas": [
    "urn:ietf:params:scim:api:messages:2.0:PatchOp"
  ],
  "Operations": [
    {
      "path": "members",
      "op": "add",
      "value": {
        "value": {
          "value": "b7168e4f-44ca-4c00-9890-b1236ee4bc93"
        }
      }
    }
  ]
}
Use the GET /api/v2/scim/Groups/{id}?attributes=members to view results.
Note: this requires “SCIM Query Attributes Support for Group Membership” to be enabled on the backend.
{
  "displayName": "quality_assurance",
  "externalId": "Group-Ext_id",
  "id": "cd63742b-da96-46fb-bfab-70270b02e372",
  "members": [
    {
      "display": "taylor@eras.tour",
      "type": "User",
      "value": "41a61f55-07d2-482a-8b29-1e8dd9107ee4"
    },
    {
      "display": "travis@eras.tour",
      "type": "User",
      "value": "b7168e4f-44ca-4c00-9890-b1236ee4bc93"
    }
  ],
  "meta": {
    "resourceType": "Group"
  },
  "schemas": [
    "urn:ietf:params:scim:schemas:core:2.0:Group"
  ]
}
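The lookup and PATCH steps above can be scripted so that re-running the lab setup does not send duplicate membership changes. This is an added example, not Netskope's or the author's code: it works offline on constructed responses shaped like the outputs on this page, and the function names and the second userName ("traviskelce") are assumptions.

```python
import uuid

PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"

# Constructed sample data shaped like the GET /Users and group outputs above.
# The second user ("traviskelce") is an assumed userName for illustration.
USERS = {
    "totalResults": 2,
    "Resources": [
        {"id": "fd263a78-cb5b-4319-b9c8-08e9b4f8716f", "userName": "taylorkelce"},
        {"id": "b7168e4f-44ca-4c00-9890-b1236ee4bc93", "userName": "traviskelce"},
    ],
}
GROUP = {
    "id": "cd63742b-da96-46fb-bfab-70270b02e372",
    "displayName": "quality_assurance",
    "members": [{"value": "fd263a78-cb5b-4319-b9c8-08e9b4f8716f"}],
}


def user_id_for(list_response, user_name):
    """Return the SCIM id of the single user whose userName matches exactly."""
    ids = [r["id"] for r in list_response.get("Resources", [])
           if r.get("userName") == user_name]
    if len(ids) != 1:
        raise LookupError(f"expected 1 match for {user_name!r}, got {len(ids)}")
    uuid.UUID(ids[0])  # ValueError if the returned id is not UUID-shaped
    return ids[0]


def plan_member_add(group, user_id):
    """Return (method, path, body) for the PATCH, or None if already a member."""
    if any(m.get("value") == user_id for m in group.get("members", [])):
        return None  # nothing to send; keeps re-runs idempotent
    uuid.UUID(group["id"])  # the group id is placed in the URL path, so validate it
    body = {
        "schemas": [PATCH_SCHEMA],
        # The "value" nesting mirrors the PATCH body shown on this page.
        "Operations": [{"path": "members", "op": "add",
                        "value": {"value": {"value": user_id}}}],
    }
    return ("PATCH", f"/api/v2/scim/Groups/{group['id']}", body)


if __name__ == "__main__":
    for name in ("taylorkelce", "traviskelce"):
        print(name, plan_member_add(GROUP, user_id_for(USERS, name)))
```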