I raised a NS Support ticket, but it’s not currently possible at this moment in time - so raising a Feature Request/Idea instead.
Current workaround is SAML + JIT to create users > custom built Okta Workflows using a full Tenant Admin scoped API token to disable Admins in Netskope.
Update the Netskope Admin app in Okta (https://www.okta.com/integrations/netskope-admin-console/) to support Admin SCIM:
- to support all CRUD actions
- allow group assignment of NetSkope roles
With that - allow the creation of Role/SvcAcc/API token scoped to only Admin Manage permissions - for least privileged access - like what is possible for NS End User Enrolment (https://docs.netskope.com/en/scim-user-provisioning-with-rbacv3)