
User groups locally defined in Netskope

MetgatzNK
Partner



Hello good evening everyone, thanks for the collaboration and your time.


Reviewing the documentation, so far it only mentions Active Directory or LDAP groups and/or Organizational Units (OU). I have not seen a way, for environments where you do not have AD, to manage local groups, i.e. with locally defined users, to generate local groups and associate accounts in a personalized way, and at the same time to generate policies based on these custom local groups.
Is this technically feasible in Netskope?


Thank you, best regards

3 REPLIES
nduda
New Contributor III

I've asked for this numerous times over the past 2 years. This feature would save massive amounts of headaches in targeting certain users without going through all the headaches of AD/Okta groups (those also take time to sync). It would also allow us to add in non-Okta users (contractors) with their own groups. This would be such a huge win for customers.

dtavernier
Netskope

Overview

Netskope has a standard SCIM API which can be used to create and manage custom groups and users within Netskope. This is how Azure AD, Okta, OneLogin, etc. manage users and groups. Keep in mind that any changes made within Netskope using the SCIM API would not be synced back to an identity source (e.g. Azure AD, Okta, etc.), which is why Netskope generally recommends using a standard SCIM-based identity solution.

Public Documentation for Creating a SCIM Token

https://docs.netskope.com/en/scim-based-user-provisioning.html

Public Documentation and Examples for Managing SCIM via API

https://documenter.getpostman.com/view/7998136/SVfNwVFT?version=latest#3c4f2b33-fa5f-4ab8-b7bb-36304...

@dtavernier

Hello, good evening:

Thank you for your reply and for your time

Mostly for clarification, there is no standard way to create, for example, X Netskope users based on mails, e.g.

usersales01@contoso.com, usersales02@contoso.com
userit01@contoso.com, userit02@contoso.com
usermerketing01@contoso.com, usermerketing02@contoso.com

Local Group defined in Netskope (not imported from an external directory, federated and/or IDP, fully local in Netskope):

Group - Sales: usersales01@contoso.com - usersales02@contoso.com
Group - IT: userit01@contoso.com - userit02@contoso.com
Group - Marketing: usermerketing@contoso.com - usermerketing02@contoso.com

And based on these groups can create real time policies?

All this without Active Directory or AD users, or any other directory or server, just local groups defined in Netskope? Is this possible? Please confirm.

On the other hand, if Netskope's SCIM is used, what would the requirements be? Would it need some local on-premises internal server that somehow defines local groups and passes them to Netskope so they can then be used in Netskope? I am not entirely clear on that point.

Thanks for your help

Best regards
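
An added example, not part of the thread and not Netskope's own code: a plain script that builds standard SCIM 2.0 (RFC 7643/7644) requests for the Sales/IT/Marketing layout listed above, creating each user once and then the groups that reference the returned user ids. The base URL, the environment variable names and the `dry_run_send` helper are assumptions; the real endpoint and accepted attributes need to be confirmed against the SCIM documentation linked in the reply above.

```python
import json
import os
import urllib.request

# Placeholders (assumptions): take the real values from the tenant's SCIM page.
SCIM_BASE = os.environ.get("SCIM_BASE", "https://TENANT.example/scim")
SCIM_TOKEN = os.environ.get("SCIM_TOKEN", "PLACEHOLDER_TOKEN")  # keep out of source control

USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"
GROUP_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:Group"

# Sample data copied from the question in this thread.
LOCAL_GROUPS = {
    "Sales": ["usersales01@contoso.com", "usersales02@contoso.com"],
    "IT": ["userit01@contoso.com", "userit02@contoso.com"],
    "Marketing": ["usermerketing01@contoso.com", "usermerketing02@contoso.com"],
}

def user_payload(email):
    return {"schemas": [USER_SCHEMA], "userName": email, "active": True,
            "emails": [{"value": email, "primary": True}]}

def group_payload(name, member_ids):
    return {"schemas": [GROUP_SCHEMA], "displayName": name,
            "members": [{"value": uid} for uid in member_ids]}

def scim_request(resource, payload):
    """Build (but do not send) an authenticated SCIM POST request."""
    return urllib.request.Request(
        f"{SCIM_BASE}/{resource}", data=json.dumps(payload).encode(), method="POST",
        headers={"Authorization": f"Bearer {SCIM_TOKEN}",
                 "Content-Type": "application/scim+json"})

def dry_run_send(req):
    """Hypothetical stand-in for a live call: returns a fake id, sends nothing."""
    body = json.loads(req.data)
    return {"id": "dry-" + (body.get("userName") or body["displayName"])}

def provision(groups, send=dry_run_send):
    """Create each distinct user once, then each group with its members' ids."""
    ids, sent = {}, []
    for email in sorted({e.lower() for m in groups.values() for e in m}):
        req = scim_request("Users", user_payload(email))
        ids[email] = send(req)["id"]  # SCIM returns the server-assigned id
        sent.append(req)
    for name, members in groups.items():
        req = scim_request("Groups", group_payload(name, [ids[e.lower()] for e in members]))
        send(req)
        sent.append(req)
    return sent
```

For a live run, pass a `send` function that calls `urllib.request.urlopen(req)` and returns the parsed JSON response.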