Netskope Community
11-20-2022 11:41 PM
User groups locally defined in Netskope.
Hello good evening everyone, thanks for the collaboration and your time.
Reviewing the documentation, so far what it indicates is Active Directory or LDAP groups and/or Organizational Units (OU), but I have not seen a way, for environments where you do not have AD, to manage local groups, i.e. with locally defined users: to create local groups, associate accounts with them in a personalized way, and at the same time create policies based on these custom local groups.
Is this technically feasible in Netskope?
Thank you, best regards
11-21-2022 05:41 AM
I've asked for this numerous times over the past 2 years. This feature would save massive amounts of headaches in targeting certain users without going through all the headaches of AD/Okta groups (those also take time to sync). It would also allow us to add in non-Okta users (contractors) with their own groups. This would be such a huge win for customers.
11-22-2022 12:34 PM - edited 11-22-2022 12:48 PM
Netskope has a standard SCIM API which can be used to create and manage custom groups and users within Netskope. This is how Azure AD, Okta, OneLogin, etc. manage users and groups. Keep in mind that any changes made within Netskope using the SCIM API would not be synced back to an identity source (e.g. Azure AD, Okta, etc.), which is why Netskope generally recommends using a standard SCIM-based identity solution.
https://docs.netskope.com/en/scim-based-user-provisioning.html
11-22-2022 11:10 PM
Hello, good evening:
Thank you for your reply and for your time.
Mostly for clarification, there is no standard way to create, for example, X Netskope users based on e-mails, e.g.
usersales01@contoso.com, usersales02@contoso.com
userit01@contoso.com, userit02@contoso.com
usermerketing01@contoso.com, usermerketing02@contoso.com
Local Group defined in Netskope (not imported from an external directory, federated and/or IDP, fully local in Netskope):
Group - Sales: usersales01@contoso.com - usersales02@contoso.com
Group - IT: userit01@contoso.com - userit02@contoso.com
Group - Marketing: usermerketing@contoso.com - usermerketing02@contoso.com
And based on these groups, can real-time policies be created?
All this without Active Directory or AD users, or any other directory or server, just local groups defined in Netskope? Is this possible? Please confirm.
On the other hand, if Netskope's SCIM is used, what would the requirements be? Would I need some local on-premises internal server that somehow defines local groups and passes them to Netskope, so that they can then be used in Netskope? I am not entirely clear on that point.
Thanks for your help
Best regards
01-20-2023 09:10 AM
@MetgatzNK Yes, it is possible to create users and groups and add users to groups using Netskope SCIM. Then these groups and users can be leveraged in policies. I am currently working on a guide to demonstrate how to do this and can post it back to the community when it's completed.
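Added example, not part of the thread or of Netskope's documentation: the standard SCIM 2.0 request bodies (RFC 7643/7644) that would create the Sales, IT and Marketing groups from the question above and attach their users. The relative paths, the `id-...` values and the assumption that the Netskope SCIM endpoint accepts exactly these standard attributes are illustrative; the real base URL comes from the documentation linked earlier in the thread.

```python
import json

# RFC 7643 core schema URNs and the RFC 7644 PatchOp message URN.
USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"
GROUP_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:Group"
PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"

# Groups and addresses as written in the question, keyed by display name.
LOCAL_GROUPS = {
    "Sales": ["usersales01@contoso.com", "usersales02@contoso.com"],
    "IT": ["userit01@contoso.com", "userit02@contoso.com"],
    "Marketing": ["usermerketing01@contoso.com", "usermerketing02@contoso.com"],
}

def user_body(email):
    """POST /Users body: the e-mail address doubles as userName."""
    return {"schemas": [USER_SCHEMA], "userName": email, "active": True,
            "emails": [{"value": email, "primary": True}]}

def group_body(name):
    """POST /Groups body: the group is created empty, members are added later."""
    return {"schemas": [GROUP_SCHEMA], "displayName": name}

def add_members_patch(user_ids):
    """PATCH /Groups/{id} body that adds already-created users by server id."""
    members = [{"value": uid} for uid in user_ids]
    return {"schemas": [PATCH_SCHEMA],
            "Operations": [{"op": "add", "path": "members", "value": members}]}

def provisioning_plan(groups, id_for):
    """Return ordered (method, path, body) requests. id_for (hypothetical) maps a
    userName or group name to the id the server returned for its POST."""
    seen, plan = set(), []
    for name, emails in groups.items():
        for email in emails:
            if email not in seen:  # a user in several groups is created once
                seen.add(email)
                plan.append(("POST", "/Users", user_body(email)))
        plan.append(("POST", "/Groups", group_body(name)))
        ids = [id_for(e) for e in emails]
        plan.append(("PATCH", f"/Groups/{id_for(name)}", add_members_patch(ids)))
    return plan

if __name__ == "__main__":
    fake_id = lambda key: "id-" + key.split("@")[0].lower()  # constructed ids
    for method, path, body in provisioning_plan(LOCAL_GROUPS, fake_id):
        print(method, path, json.dumps(body))
```

Users and groups created this way exist only on the SCIM service side, which matches the earlier caveat that nothing is synced back to an identity source.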
01-30-2023 09:54 PM
02-15-2023 03:01 PM
@MetgatzNK Here you go. Can you give me some feedback after you've tried it out? Also, I'm thinking about adding some scripting so what is in the guide can be done more in an automated fashion.