Netskope Community
-
Forums
ProductsCommunity Resources
-
Learn
Education, Training, Certification, and Thought LeadershipCommunity Resources
-
Groups
Community GroupsCommunity Resources
-
Events
Community Resources
- Support
- Netskope Community
- Products
- Next Gen SWG
- Re: User groups locally defined in Netskope
User groups locally defined in Netskope
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-20-2022 11:41 PM
User groups locally defined in Netskope.
Hello good evening everyone, thanks for the collaboration and your time.
Reviewing the documentation and so far from what is indicated in the documentation, it indicates Active Directory or LDAP groups and / or, Organizational Units ( OU ) but I have not seen, for environments where you do not have AD, to manage groups say local, ie with locally defined users, to generate local groups and associate accounts in a personalized way and at the same time to generate policies based on these custom local groups.
Is this technically feasible in Netskope ?
Thank you, best regards
- Labels:
-
Groups
-
Local Groups
-
users
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-21-2022 05:41 AM
I've asked for this numerous times, over the past 2 years. This feature would save massive amounts of headaches in targeting certain users without going through all the headaches of AD/Okta groups (those also take time to sync). It would also allow us to add in non-okta users (contractors) with there own groups. This would be such a huge win for customers.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-22-2022 12:34 PM - edited 11-22-2022 12:48 PM
Overview
Netskope has a standard SCIM API which can be used to create and manage custom groups and users within Netskope. This is how Azure AD, Okta, OneLogin, etc. manage users and groups. Keep in mind that any changes made within Netskope using the SCIM API would not be synced back to an identity source (e.g. Azure AD, Okta, etc.), which is why Netskope generally recommends using a standard SCIM-based identity solution.
Public Documentation for Creating a SCIM Token
https://docs.netskope.com/en/scim-based-user-provisioning.html
Public Documentation and Examples for Managing SCIM via API
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-22-2022 11:10 PM
Hello, good evening:
Thank you for your reply and for your time
Mostly for clarification, there is no standard way to create example X netskope users based on mails, e.g.
usersales01@contoso.com, usersales02@contoso.com
userit01@contoso.com, userit02@contoso.com
usermerketing01@contoso.com, usermerketing02@contoso.com
Local Group defined in Netskope (not imported from an external directory, federated and/or IDP, fully local in Netskope):
Group - Sales: usersales01@contoso.com - usersales02@contoso.com
Group - IT: userit01@contoso.com - userit02@contoso.com
Group - Marketing: usermerketing@contoso.com - usermerketing02@contoso.com
And based on these groups can create real time policies?
All this without Active Directory or User AD, or any other directory or server, just local groups defined in Netskope ? is this possible ? Please confirm
On the other hand, if SCIM of Netskope is used, which would be the requirements ? would need some local on premise internal server that somehow define local groups and pass them to Netskope and then be able to use them in Netskope ? Since I am not entirely clear on that point.
Thanks for your help
Best regards
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-20-2023 09:10 AM
@MetgatzNK Yes, it is possible to create users and groups and add users to groups using Netskope SCIM. Then these groups and users can be leveraged in policies. I am currently working on a guide to demonstrate how to do this and can post it back to the community when it's completed.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-30-2023 09:54 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-15-2023 03:01 PM
@MetgatzNK Here you go. Can you give me some feedback after you've tried it out? Also, I'm thinking about adding some scripting so what is in the guide can be done more in an automated fashion.
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
- SSPM : Monitoring Salesforce Delegated Group settings with SSPM in Security Posture Management
- Netskope Client "Blocked Events" are empty - is nothing blocked then? in Next Gen Secure Web Gateway (SWG)
- Identify and visualize "outliers" in your organizations in Advanced Analytics Dashboard
- Disable Edge Embedded DNS Resolver To Fix DNS Over TCP NPA Issue in Private Access for ZTNA
- [HOW-TO] - Configure Tenant SSO with PingOne in Next Gen Secure Web Gateway (SWG)
-
NG-SWG
24 -
SWG
23 -
NSClient
17 -
DLP
12 -
Next Gen SWG
11 -
NGSWG
8 -
netskope client
7 -
android
6 -
Client
5 -
cloud firewall
4 -
forward proxy
4 -
SSL bypass
4 -
sso
4 -
Support Mobiles
4 -
SCIM
4 -
CASB
4 -
GRE
4 -
Netskope Endpoint Client
4 -
Real-time Policy
4 -
URL List
4 -
users
3 -
Google Idp
3 -
Threat Protection
3 -
policy
3 -
Provisionning
3 -
DLP Violation
3 -
malware
3 -
categories
3 -
IDP
3 -
IOS
3 -
Groups
3 -
Certificate SSL
3 -
Decrypt SSL
3 -
skopeit
3 -
cfw
3 -
Azure
2 -
inline
2 -
install
2 -
Advanced Analytics
2 -
traffic
2 -
ChromeOS
2 -
Directory Importer
2 -
IPSec Tunnels
2 -
Linux
2 -
Cloud
2 -
Windows OS updates
2 -
PAC file
2 -
AWS
2 -
Reverse Proxy
2 -
url filtering
2 -
Admin
2 -
ipsec
2 -
Authentication
2 -
okta
2 -
Apps
2 -
steer traffic
2 -
Email DLP
2 -
cloud exchange
2 -
Azure AD
2 -
Netskope
2 -
User Notification
2 -
Advance Analytics
2 -
web
2 -
Chromebook
2 -
slowness issue
2 -
MacOS
2 -
steering exception
2 -
Netskope Agent
2 -
ssl
2 -
Certificate Pinned
2 -
communication between domain and application
1 -
data
1 -
Profile
1 -
Sanctioned apps
1 -
activities
1 -
Desktop Dropbox
1 -
Log
1 -
UPD errors and nsClientFLow
1 -
Epic
1 -
Netskope Client installation mechanism
1 -
status
1 -
no decryption
1 -
alerts
1 -
logs
1 -
Download
1 -
Firewalls Local
1 -
GOSKOPE
1 -
SSL Decrypt Bypass
1 -
dashboards
1 -
google
1 -
multi-user mode
1 -
log data
1 -
Upload
1 -
Internet next hop type
1 -
openai
1 -
googledocs
1 -
interception
1 -
SASE
1 -
WebSecurity
1 -
Best Practices
1 -
CCL
1 -
Fail Close
1 -
EDM
1 -
flow
1 -
chatgpt
1 -
appdefinition
1 -
browser
1 -
endpoint
1 -
sensitivity
1 -
fundamentals
1 -
Artificial Intelligence
1 -
ldap
1 -
steering
1 -
block
1 -
Cloud & Threat Challenges
1 -
Threat
1 -
instance
1 -
extension
1 -
url categorization
1 -
CTEP
1 -
AVD
1 -
explicit proxy over IPSec
1 -
AMP
1 -
MIP
1 -
Rest API
1 -
Report
1 -
awareness
1 -
Upgrade
1 -
Default OfficeSuite policy
1 -
DaaS
1 -
Office 365
1 -
Evasive Phishing
1 -
best practice
1 -
security posture check
1 -
Proxy
1 -
Reports
1 -
Changes
1 -
OfficeSuite
1 -
Virtual Desktop
1 -
Access
1 -
domain fronting
1 -
CCI
1 -
User Group
1 -
questions
1 -
Widgets
1 -
Config
1 -
No Decrypt
1 -
MFA
1 -
Whitelist
1 -
SIEM Integration
1 -
Enterprise Application
1 -
Config Update
1 -
Default Policy
1 -
AD
1 -
Google chat
1 -
Windows Server 2016
1 -
domain
1 -
interoperability
1 -
Education
1 -
RBAC
1 -
Traffic Steer on Galaxy S8
1 -
PAC
1 -
App
1 -
Netskope Admin
1 -
YouTube
1 -
file size
1 -
export
1 -
Explicit Proxy
1 -
Local Groups
1 -
Sync
1 -
APP instance
1 -
licensing
1 -
incremental update
1 -
vpn
1 -
Netskope Threat Labs
1 -
import
1 -
Block Page
1 -
SWG Login
1 -
Private App
1 -
Instances Corp
1 -
debugging
1 -
controls
1 -
native definition
1 -
API
1 -
Guidelines
1 -
configuration
1 -
entry
1 -
intel CPU
1 -
Remote Browser Isolation
1 -
Instances APP Enterprise
1 -
fiddler
1 -
AAD
1 -
Dropbox
1 -
SSL-TLS
1 -
Automation
1 -
punycode
1 -
Whatsapp
1 -
Local admin
1 -
client update
1 -
Next Fen SWG
1 -
Custom Rule
1 -
certificate
1 -
TLS
1 -
ngrok
1 -
discord
1 -
NativeApp
1 -
Internet Access
1
In order to view this content, you will need to sign in to your account. Simply click the "Sign In" button below
Sign In