Authorization

When you add a Netskope card to a flow for the first time, Okta Workflows prompts you to configure the connection. This connection links to your Netskope account and saves your account information, so you can reuse the connection for future Netskope flows.

You can create multiple unique connections and manage them from the Connections page in the Okta Workflows Console.

Before you begin

You need the following elements to create a connection to a Netskope account:

  1. Enable the REST API v2 Services feature. Enable the Netskope REST API services feature before submitting REST API requests:

    • Sign in to Netskope as an admin.

    • Go to Settings > Tools > Rest API v2.

    • REST API Status: Shows the status and allows you to enable or disable the REST API tokens for the tenant. Click the pencil icon to edit and enable the REST API v2 tokens.

    • Click Save.

  2. Create a token:

    • On the REST API v2 page, click New Token.

    • Enter a token name, the token expiration time, and then click Add Endpoint to select the API Endpoints to use with the token.

    • Specify the privileges for each of the endpoints added. Read privileges include GET, and read and write privileges include GET, PUT, POST, PATCH, and DELETE.

      Custom API Action cards need specific scopes for different API Endpoints.

    • Grant the following scopes:
      • /api/v2/scim/Users Read + Write
      • /api/v2/scim/Groups Read + Write

    • Click Save.

    • A confirmation page opens showing whether the token creation was successful. If it was successful, click Copy Token to save it for later use in your API requests.

    • Click OK.

      For security reasons, the API Token is a one-time value, displayed on this confirmation page.

      After you leave this page, the API token value can't be retrieved from the system.

      If you lose the API token, you need to reset it to get a new value.

  3. Copy the subdomain of your Netskope URL.

Procedure

To create a Netskope connection in Okta Workflows:

  1. Open the Connections tab in the Workflows console or open a Netskope card.
  2. Click New Connection.
  3. Enter a connection Name. This is useful if you plan to create multiple connections to share with your team.
  4. Enter a connection Description. This is useful to have more information regarding your connection.
  5. In the Tenant field, enter the subdomain from your Netskope URL.
  6. In the API Token field, enter the API Token ID from your REST API.
  7. Click Create.

API Token Reissue

To manually reissue the API token after it expires:

  1. On the REST API v2 page, click the three-dot icon next to the API token, and choose Reissue.

  2. Click Reissue to confirm.

  3. A confirmation page opens showing whether the token reissue was successful. If it was successful, click Copy Token to save it for later use in your API requests.

  4. On the REST API v2 page, click the three-dot icon next to the API token, and choose Change Expiration.

  5. Select the new token expiration time and click Save.

  6. A confirmation message shows whether the operation was successful.