Hello good evening everyone, thanks for the collaboration and your time.
Reviewing the documentation and so far from what is indicated in the documentation, it indicates Active Directory or LDAP groups and / or, Organizational Units ( OU ) but I have not seen, for environments where you do not have AD, to manage groups say local, ie with locally defined users, to generate local groups and associate accounts in a personalized way and at the same time to generate policies based on these custom local groups. Is this technically feasible in Netskope ?
I've asked for this numerous times, over the past 2 years. This feature would save massive amounts of headaches in targeting certain users without going through all the headaches of AD/Okta groups (those also take time to sync). It would also allow us to add in non-okta users (contractors) with there own groups. This would be such a huge win for customers.
Netskope has a standard SCIM API which can be used to create and manage custom groups and users within Netskope. This is how Azure AD, Okta, OneLogin, etc. manage users and groups. Keep in mind that any changes made within Netskope using the SCIM API would not be synced back to an identity source (e.g. Azure AD, Okta, etc.), which is why Netskope generally recommends using a standard SCIM-based identity solution.
Local Group defined in Netskope (not imported from an external directory, federated and/or IDP, fully local in Netskope):
Group - Sales: email@example.com - firstname.lastname@example.org Group - IT: email@example.com - firstname.lastname@example.org Group - Marketing: email@example.com - firstname.lastname@example.org
And based on these groups can create real time policies?
All this without Active Directory or User AD, or any other directory or server, just local groups defined in Netskope ? is this possible ? Please confirm
On the other hand, if SCIM of Netskope is used, which would be the requirements ? would need some local on premise internal server that somehow define local groups and pass them to Netskope and then be able to use them in Netskope ? Since I am not entirely clear on that point.
@MetgatzNK Yes, it is possible to create users and groups and add users to groups using Netskope SCIM. Then these groups and users can be leveraged in policies. I am currently working on a guide to demonstrate how to do this and can post it back to the community when it's completed.