Netskope Global Technical Success (GTS)
Replace SCIM Integration with Netskope Rest APIv2 for JumpCloud
Netskope Cloud Version - 122
Objective
This article aims to explain how to replace the soon to be deprecated “SCIM Integration” with Netskope APIv2 for users/groups provisioning and JumpCloud.
For further information, please visit to the following articles:
Note: EoL is targeted on the 21st of March, 2025.
Context
SCIM integration between Netskope and JumpCloud for the users and groups provisioning uses an OAuth token to access provisioning service in the cloud via URL: “addon-*.goskope.com/SCIM/v2”, this will be deprecated in March next year, and customers must take actions prior to its deprecation.
“SCIM integration” is located under
Path: Netskope Tenant UI >>> Settings >>> Tools >>> Directory Tools >>> SCIM Integration as shown below:
Procedure
| ℹ️ If your tenant has been already migrated to RBACv3 please define the Service Account with the needed API v2 endpoint as explained here: https://docs.netskope.com/en/scim-user-provisioning-with-rbacv3 |
Step #1
Path: Netskope Tenant UI >>> Settings >>> Tools >>> REST API V2 page, create a new token as follow
After that you click “SAVE”, please ensure you save the API V2 token by clicking the “COPY TOKEN” as shown below:
| ⚠️#1. Ensure that the Rest Api v2 feature is turned on ⚠️#2. Every REST API V2 token has an expiration |
Step #2.
On the JumpCloud console locate the Netskope SSO Application and temporarily Deactivate the “Identity management” sync to enter into the edit mode. Replace the Base URL and the Token key as shown below
| Current value | New Value | |
| URL | https://addon-<tenantname>[.region].goskope.com/SCIM/v2 | https://<tenantname>[.region].goskope.com/api/v2/scim |
| Token | Old token got from the “Settings >>> Tools >>> Directory Tools >>> SCIM Integration” | New token created at Step #1 |
Step #3
After the URL and Token edit click on activate, ensure that the connection works as shown below and then click SAVE
| ⚠️ As mentioned on the Netskope Product EOL Announcements, If your Netskope tenant is hardened using IP Allowlist (Settings >>> Administration >>> IP Allowlist - see screenshot below), then you must ensure you add the respective source IP addresses of your integrated REST API V2 services to the Custom IP list. Important: JumpCloud don’t provide and IP, please reach the JumpCLoud Team if any IP allowlist is defined Create an Allow List for JumpCloud Services |
| ℹ️To ensure that the users sync activities based on REST API V2 are working fine, check the Audit log on the Setting >>> Administration >>> Audit log page, the admin user have to match with the API V2 token name defined at the Step #1 |
Step #4
After some days of monitoring, please proceed to remove the old token under Settings >>> Tools >>> Directory Tools >>> SCIM Integration page as shown below
Terms and Conditions
- All documented information undergoes testing and verification to ensure accuracy.
- In the future, it is possible that the application's functionality may be altered by the vendor. If any such changes are brought to our attention, we will promptly update the documentation to reflect them.
Notes
- This article is authored by Netskope Global Technical Success (GTS).
- For any further inquiries related to this article, please contact Netskope GTS by submitting a support case with 'Case Type – How To Questions'.
