This one is more for my tech partners than for customers. If you tie your IdP into your Netskope tenant you would never do this. This is really just for a lab environment. This will create users and groups that you can then use in policy.

Create API token for SCIM
Go to Settings > Tools > REST API v2 > New Token

Create an API token that has the two SCIM endpoints added.

With the token copied and stored somewhere, go to API Documentation.

Add the token under Authorize.

In the SCIM section, use the APIs to view and create the users/groups.

Adding a user
Start by adding the user. Be sure to change the userName.
POST /api/v2/scim/Users
{
  "schemas": [
    "urn:ietf:params:scim:schemas:core:2.0:User"
  ],
  "userName": "taylorkelce",
  "name": {
    "familyName": "kelce",
    "givenName": "taylor"
  },
  "active": true,
  "emails": [
    {
      "value": "taylor@eras.tour",
      "primary": true
    }
  ],
  "externalId": "User-Ext_id",
  "meta": {
    "resourceType": "User"
  }
}

Search for your user. You will need their id.
GET /api/v2/scim/Users

{
  "schemas": [
    "urn:ietf:params:scim:api:messages:2.0:ListResponse"
  ],
  "totalResults": 1,
  "itemsPerPage": 1,
  "startIndex": 1,
  "Resources": [
    {
      "id": "fd263a78-cb5b-4319-b9c8-08e9b4f8716f",
      "externalId": "User-Ext_id",
      "userName": "taylorkelce",
      "active": true,
      "name": {
        "givenName": "taylor",
        "familyName": "kelce"
      },
      "emails": [
        {
          "type": "work",
          "value": "taylor@eras.tour",
          "primary": true
        }
      ]
    }
  ]
}

Adding a new group
Create a new group if you need a new one. Add your new user to this group.
POST /api/v2/scim/Groups

{
  "schemas": [
    "urn:ietf:params:scim:schemas:core:2.0:Group"
  ],
  "displayName": "quality_assurance",
  "members": [
    {
      "value": "fd263a78-cb5b-4319-b9c8-08e9b4f8716f"
    }
  ],
  "externalId": "Group-Ext_id",
  "meta": {
    "resourceType": "Group"
  }
}

You will get an output like this from creating the group:
Group id - cd63742b-da96-46fb-bfab-70270b02e372
User id - fd263a78-cb5b-4319-b9c8-08e9b4f8716f
{
  "displayName": "quality_assurance",
  "externalId": "Group-Ext_id",
  "id": "cd63742b-da96-46fb-bfab-70270b02e372",
  "members": [
    {
      "value": "fd263a78-cb5b-4319-b9c8-08e9b4f8716f"
    }
  ],
  "meta": {
    "resourceType": "Group"
  },
  "schemas": [
    "urn:ietf:params:scim:schemas:core:2.0:Group"
  ]
}

Adding a user to a group
PATCH /api/v2/scim/Groups/{id}

Grab the user id from when you created the new user and use that and the group id with the PATCH API.

PATCH adding the user

{
  "schemas": [
    "urn:ietf:params:scim:api:messages:2.0:PatchOp"
  ],
  "Operations": [
    {
      "path": "members",
      "op": "add",
      "value": {
        "value": {
          "value": "b7168e4f-44ca-4c00-9890-b1236ee4bc93"
        }
      }
    }
  ]
}

Use GET /api/v2/scim/Groups/{id}?attributes=members to view the results.

{
  "displayName": "quality_assurance",
  "externalId": "Group-Ext_id",
  "id": "cd63742b-da96-46fb-bfab-70270b02e372",
  "members": [
    {
      "display": "taylor@eras.tour",
      "type": "User",
      "value": "41a61f55-07d2-482a-8b29-1e8dd9107ee4"
    },
    {
      "display": "travis@eras.tour",
      "type": "User",
      "value": "b7168e4f-44ca-4c00-9890-b1236ee4bc93"
    }
  ],
  "meta": {
    "resourceType": "Group"
  },
  "schemas": [
    "urn:ietf:params:scim:schemas:core:2.0:Group"
  ]
}
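
The user creation, id lookup and group creation steps above can also be scripted for a lab. This Python sketch is an added example, not from the original post and not Netskope's own code. The tenant URL placeholder, the NETSKOPE_TENANT and NETSKOPE_SCIM_TOKEN environment variables, the Netskope-Api-Token header and the application/scim+json content type are assumptions to check against your tenant's API documentation; SAMPLE_LIST is trimmed from the GET response shown earlier.

```python
import json
import os
import urllib.request

# Assumptions, not from the page: placeholder tenant URL, token kept in the
# NETSKOPE_SCIM_TOKEN env var, Netskope-Api-Token header, SCIM content type.
TENANT = os.environ.get("NETSKOPE_TENANT", "https://TENANT.example.invalid")
SCIM = "urn:ietf:params:scim:schemas:core:2.0:"
# Trimmed copy of the page's GET /api/v2/scim/Users response, used as sample input.
SAMPLE_LIST = {"totalResults": 1, "Resources": [
    {"id": "fd263a78-cb5b-4319-b9c8-08e9b4f8716f", "userName": "taylorkelce"}]}

def user_payload(user_name, given, family, email, external_id):
    """Body for POST /api/v2/scim/Users, same fields as the page's example."""
    return {
        "schemas": [SCIM + "User"],
        "userName": user_name,
        "name": {"familyName": family, "givenName": given},
        "active": True,
        "emails": [{"value": email, "primary": True}],
        "externalId": external_id,
        "meta": {"resourceType": "User"},
    }

def find_user_id(list_response, user_name):
    """Return the id of the single user with this userName in a ListResponse."""
    hits = [r["id"] for r in list_response.get("Resources", [])
            if r.get("userName") == user_name]
    if len(hits) != 1:  # refuse to guess: a wrong id puts the wrong user in policy
        raise LookupError(f"expected 1 user {user_name!r}, found {len(hits)}")
    return hits[0]

def group_payload(display_name, member_ids, external_id):
    """Body for POST /api/v2/scim/Groups with the given user ids as members."""
    return {
        "schemas": [SCIM + "Group"],
        "displayName": display_name,
        "members": [{"value": uid} for uid in member_ids],
        "externalId": external_id,
        "meta": {"resourceType": "Group"},
    }

def scim_call(method, path, body=None):
    """Send one SCIM request; the token is read from the environment only."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(TENANT + path, data=data, method=method, headers={
        "Netskope-Api-Token": os.environ["NETSKOPE_SCIM_TOKEN"],
        "Content-Type": "application/scim+json"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)
```

A typical lab run chains them: `scim_call("POST", "/api/v2/scim/Users", user_payload(...))`, then `find_user_id(scim_call("GET", "/api/v2/scim/Users"), "taylorkelce")`, then `scim_call("POST", "/api/v2/scim/Groups", group_payload(...))`.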