Add user and group via SCIM API

  • 29 March 2024

This one is more for my tech partners than for customers. If you tie your IdP into your Netskope tenant, you would never do this. This is really just for a lab environment. It creates users and groups that you can then use in policy.

 

Create an API token for SCIM

Go to Settings > Tools > REST API v2 > New Token

 


Create an API token that has the two SCIM endpoints added.


With the token copied and stored somewhere, go to API Documentation.


Add the token under Authorize.


In the SCIM section, use the APIs to view and create the users and groups.


Adding a user

Start by adding the user. Be sure to change the userName.

POST /api/v2/scim/Users

{
  "schemas": [
    "urn:ietf:params:scim:schemas:core:2.0:User"
  ],
  "userName": "taylorkelce",
  "name": {
    "familyName": "kelce",
    "givenName": "taylor"
  },
  "active": true,
  "emails": [
    {
      "value": "taylor@eras.tour",
      "primary": true
    }
  ],
  "externalId": "User-Ext_id",
  "meta": {
    "resourceType": "User"
  }
}

 

Search for your user. You will need their id.

GET /api/v2/scim/Users

 

{
  "schemas": ["urn:ietf:params:scim:api:messages:2.0:ListResponse"],
  "totalResults": 1,
  "itemsPerPage": 1,
  "startIndex": 1,
  "Resources": [
    {
      "id": "fd263a78-cb5b-4319-b9c8-08e9b4f8716f",
      "externalId": "User-Ext_id",
      "userName": "taylorkelce",
      "active": true,
      "name": {"givenName": "taylor", "familyName": "kelce"},
      "emails": [{"type": "work", "value": "taylor@eras.tour", "primary": true}]
    }
  ]
}


 

Adding a new group

Create a new group if you need a new one. Add your new user to this group. 

POST /api/v2/scim/Groups


 

{
  "schemas": [
    "urn:ietf:params:scim:schemas:core:2.0:Group"
  ],
  "displayName": "quality_assurance",
  "members": [
    {
      "value": "fd263a78-cb5b-4319-b9c8-08e9b4f8716f"
    }
  ],
  "externalId": "Group-Ext_id",
  "meta": {
    "resourceType": "Group"
  }
}


 

Creating the group returns output like this:

Group id - cd63742b-da96-46fb-bfab-70270b02e372

User id - fd263a78-cb5b-4319-b9c8-08e9b4f8716f

{
  "displayName": "quality_assurance",
  "externalId": "Group-Ext_id",
  "id": "cd63742b-da96-46fb-bfab-70270b02e372",
  "members": [
    {
      "value": "fd263a78-cb5b-4319-b9c8-08e9b4f8716f"
    }
  ],
  "meta": {
    "resourceType": "Group"
  },
  "schemas": [
    "urn:ietf:params:scim:schemas:core:2.0:Group"
  ]
}

 

Adding a user to a group

PATCH /api/v2/scim/Groups/{id}

 

Grab the user id from when you created the new user and use it, along with the group id, with the PATCH API.


PATCH adding the user

 

{
  "schemas": [
    "urn:ietf:params:scim:api:messages:2.0:PatchOp"
  ],
  "Operations": [
    {
      "path": "members",
      "op": "add",
      "value": {
        "value": {
          "value": "b7168e4f-44ca-4c00-9890-b1236ee4bc93"
        }
      }
    }
  ]
}

 

Use GET /api/v2/scim/Groups/{id} to view the results.


 

{
  "displayName": "quality_assurance",
  "externalId": "Group-Ext_id",
  "id": "cd63742b-da96-46fb-bfab-70270b02e372",
  "members": [
    {
      "display": "taylor@eras.tour",
      "type": "User",
      "value": "41a61f55-07d2-482a-8b29-1e8dd9107ee4"
    },
    {
      "display": "travis@eras.tour",
      "type": "User",
      "value": "b7168e4f-44ca-4c00-9890-b1236ee4bc93"
    }
  ],
  "meta": {
    "resourceType": "Group"
  },
  "schemas": [
    "urn:ietf:params:scim:schemas:core:2.0:Group"
  ]
}
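
The same lab procedure as a script, added here as an example; it is not part of the original post and not Netskope's code. Assumptions: the NSK_TENANT_URL and NSK_TOKEN environment variable names are hypothetical, and the auth header name should be confirmed on the tenant's API Documentation page. The token is read from the environment so it never lands in the script or in shell history.

```python
import json
import os
import urllib.request

USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"
GROUP_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:Group"
PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"

def http_call(method, path, body=None):
    # Assumption: env var names are hypothetical; header name is assumed,
    # confirm it against the tenant's API Documentation page.
    req = urllib.request.Request(
        os.environ["NSK_TENANT_URL"] + path, method=method,
        data=None if body is None else json.dumps(body).encode(),
        headers={"Content-Type": "application/json",
                 "Netskope-Api-Token": os.environ["NSK_TOKEN"]})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.loads(resp.read())

def user_body(user_name, given, family, email, external_id):
    return {"schemas": [USER_SCHEMA], "userName": user_name,
            "name": {"familyName": family, "givenName": given}, "active": True,
            "emails": [{"value": email, "primary": True}],
            "externalId": external_id, "meta": {"resourceType": "User"}}

def find_user_id(list_response, user_name):
    """Return the id of exactly one matching user (first ListResponse page only)."""
    ids = [r["id"] for r in list_response.get("Resources", [])
           if r.get("userName") == user_name]
    if len(ids) != 1:
        raise LookupError(f"expected 1 match for {user_name!r}, found {len(ids)}")
    return ids[0]

def provision(call, user, group_name, group_external_id):
    """Create the user, look up its id, then create the group with it as a member."""
    call("POST", "/api/v2/scim/Users", user)
    user_id = find_user_id(call("GET", "/api/v2/scim/Users"), user["userName"])
    group = call("POST", "/api/v2/scim/Groups", {
        "schemas": [GROUP_SCHEMA], "displayName": group_name,
        "members": [{"value": user_id}], "externalId": group_external_id,
        "meta": {"resourceType": "Group"}})
    return user_id, group["id"]

def add_member(call, group_id, user_id):
    """PATCH an existing group, using the request body shape shown in this post."""
    return call("PATCH", f"/api/v2/scim/Groups/{group_id}", {
        "schemas": [PATCH_SCHEMA],
        "Operations": [{"path": "members", "op": "add",
                        "value": {"value": {"value": user_id}}}]})
```

Pass http_call as the call argument to run it against a lab tenant; find_user_id fails loudly on zero or duplicate matches so a wrong id never reaches the group.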

 

