Netskope Community
-
Forums
ProductsCommunity Resources
-
Learn
Education, Training, Certification, and Thought LeadershipCommunity Resources
-
Groups
Community GroupsCommunity Resources
-
Events
Community Resources
- Support
- Netskope Community
- Other Forums
- Additional Discussions
- SCIM-Based User Provisioning with Azure Active Dir...
SCIM-Based User Provisioning with Azure Active Directory Free
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-24-2022
02:26 AM
- last edited on
02-24-2022
11:29 AM
by
kh_jenn
Hello,
I'm looking to add groups with Azure Active Directory Free.
The users are well synchronized but not the groups. Is it mandatory to upgrade to Azure Active Directory P1 for this feature?
Thank you
Regards,
Solved! Go to Solution.
- Labels:
-
Azure
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-24-2022 10:03 AM
Hi, this looks to be a MS limitation, see https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/assign-user-or-group-access-port....
The third paragraph states the following:
Group-based assignment requires Azure Active Directory Premium P1 or P2 edition. Group-based assignment is supported for Security groups only. Nested group memberships and Microsoft 365 groups are not currently supported. For more licensing requirements for the features discussed in this article, see the Azure Active Directory pricing page.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-24-2022 07:02 AM
Did you add the groups to the Netskope SCIM Enterprise Application? Do the provisioning logs tell you anything?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-24-2022 08:51 AM - edited 02-24-2022 10:52 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-24-2022 10:03 AM
Hi, this looks to be a MS limitation, see https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/assign-user-or-group-access-port....
The third paragraph states the following:
Group-based assignment requires Azure Active Directory Premium P1 or P2 edition. Group-based assignment is supported for Security groups only. Nested group memberships and Microsoft 365 groups are not currently supported. For more licensing requirements for the features discussed in this article, see the Azure Active Directory pricing page.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-04-2022 12:53 AM
You can always use postman to create the groups and add the users to the groups, not optimal but if this is just for testing purposes it will work
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
- Can you enable Netskope Client via command line? in Additional Discussions
- Secure Hybrid Access with Azure Active Directory (AAD) and Netskope in Additional Discussions
- User Provisioning and Client Rollout Tips: Can I sync all users at once? in Additional Discussions
- SSL certs for Cloud Exchange using Let’s Encrypt in Additional Discussions
- Provisioning Users and Groups from Office 365 to Netskope/Policies based on Groups Users Office 365 in Additional Discussions
-
cloud exchange
14 -
DLP
10 -
Threat Protection
6 -
sdwan
5 -
MacOS
5 -
Advanced Analytics
4 -
IaaS
4 -
netskope client
4 -
CASB
3 -
cloud threat exchange
3 -
SASE
3 -
SWG
3 -
ztna
3 -
ipsec
3 -
client update
3 -
API
3 -
Netskope Agent
3 -
SupportPoral
3 -
vpn
2 -
Rest API
2 -
Community Forum
2 -
Proxy
2 -
Real-time Policy
2 -
NPA
2 -
Webinar
2 -
Netskope
2 -
Netskope Client installation mechanism
2 -
steering
2 -
publisher
2 -
Azure
2 -
Netskope Endpoint Client
2 -
technology partner
2 -
Windows 365 Desktop
2 -
Client
2 -
docker
2 -
SCIM
2 -
best practice
2 -
on-prem
2 -
NSClient
2 -
private access
2 -
Azure AD
2 -
Community Resources
2 -
NG-SWG
2 -
Cloud & Threat Challenges
2 -
SAML
2 -
crowdstrike
1 -
user
1 -
Workshops
1 -
IDP
1 -
Netskope Cloud Security
1 -
Netskope Community
1 -
Users Policies
1 -
PAC file
1 -
Netskope Advocacy
1 -
POP Server
1 -
QRadar
1 -
RBAC
1 -
voip
1 -
regex
1 -
Based-Group
1 -
proxy configurations
1 -
Admin
1 -
cisco
1 -
policy
1 -
export
1 -
roadmap
1 -
Based-Users
1 -
explicit proxy over IPSec
1 -
Microsoft Outlook
1 -
skopeit
1 -
MIP
1 -
MS Teams
1 -
Netskope Private Access
1 -
On-Premise Detection
1 -
HELP!
1 -
Infrastructure as Code (IaC)
1 -
SD-WAN
1 -
meraki
1 -
Authentication
1 -
APIv2
1 -
Remote access
1 -
Microsoft Sentinel
1 -
SupportPortal
1 -
Netskope Admin
1 -
cloud app
1 -
Email DLP
1 -
SIEM Integration
1 -
Managed apps
1 -
Verizon
1 -
Home-office
1 -
traffic routing
1 -
OVF-OVA
1 -
json
1 -
coexistence
1 -
VMware
1 -
DBIR
1 -
remote workers
1 -
traffic steering
1 -
Linux based
1 -
restriction
1 -
interoperability
1 -
logs
1 -
Adoption
1 -
Groups
1 -
Virtual Machines
1 -
HA
1 -
NewEdge
1 -
certificate error
1 -
integration
1 -
option
1 -
GRE
1 -
Reporting
1 -
Rest API to fetch the Users from NetSkope
1 -
Azure Virtual Desktop
1 -
PROD
1 -
Communications
1 -
Forensic File Storage
1 -
OSX
1 -
tunnel
1 -
ServiceNow
1 -
SMTP
1 -
Threat and Vulnerability Management
1 -
Provisionning
1 -
Monitoring
1 -
Auto-update
1 -
DLP Violation
1 -
security posture check
1 -
Bug
1 -
Cloud Security
1 -
User Defined Route (UDR)
1 -
scim query postman
1 -
Time Actively Spent on Sites Widget
1 -
CCI
1 -
Macintosh
1 -
Support
1 -
install
1 -
Unmanaged Devices
1 -
Office365
1 -
Internet next hop type
1 -
ChangeManagement
1 -
Technical Success
1 -
API Credentials
1 -
steer traffic
1 -
beta
1 -
single mode
1 -
Active Directory
1 -
Waterfox Browser
1 -
AD
1 -
hub-and-spoke model
1 -
Workflow
1 -
License
1 -
risk management: cloud services
1 -
datacenter
1 -
multi-user mode
1 -
Adapters
1 -
Next Gen SWG
1 -
Network Virtual Appliances (NVA)
1 -
Business Rule
1 -
cloudexchange
1 -
advanced analytics custom
1 -
pop
1 -
peruserconfig
1 -
RBI
1 -
tenant
1 -
AZURE-AD-FREE
1 -
IPSec Tunnels
1 -
Data Loss Prevention
1 -
splunk
1 -
watermark
1 -
training
1 -
SSPM
1 -
Sync
1 -
Cloud Firewall License
1 -
SSO cloud exchange azureAD
1 -
syslog
1
In order to view this content, you will need to sign in to your account. Simply click the "Sign In" button below
Sign In