There are some options you can check for your particular case:

1. Use out of domain personal or other company email addresses and deploy using email invite. You can manually setup users for example in gmail.com domain or in 3rdparty.com and then if those emails exist send an email invite from Netskope console so that particular user can install in their mac Netskope agent although as far as I know you will have to do this manually on a per user basis, and would use only the latest version of the agent. The provisioning, enrollment would be done with that email which you can use in real-time policies an other configurations.
2. If you have an environment which uses Microsoft Entra ID and provision user syncing via SCIM there is a Microsoft feature called guest users. You can setup in Microsoft the emails that they can use and they don’t have to belong to your domain an as in the 1st option can be used with personal emails or external domains of other companies with the advantage that you can setup Microsoft user groups for the invited users and sync via SCIM their memberships and provisioning like corporate users and use both objects (user/groups) for real-time policies in Netskope. For the deployment you could use email invite or maybe IDP (I have not tested this case in particular but it might work as the credential challenge in those cases I think is redirected to an email code verification)