Integrate Netskope with Oomnitza and put the spotlight on Shadow IT. Get key security information such as who accessed unsanctioned apps, which apps were accessed, and when the apps were accessed. IT Security can monitor the information in Oomnitza to revise their security policies by either adding the unsanctioned app to their list of sanctioned apps or by denying access to the app.
Information about sanctioned apps can also be ingested by Oomnitza to monitor usage and determine whether a subscription to an app should be discontinued.
Figure: Overview of tasks to sync Netskope with Oomnitza
Plan
Retrieve authorization and connection details
To integrate Netskope with Oomnitza, you must retrieve the following information from Netskope:
- API token. Ensure that at least read permissions are granted to the following endpoint: /api/v2/events/data/application. See Netskope: Generate an API token.
- The name of your Netskope domain.
- SCIM (System for cross-identity management) URL and SCIM token. See Netskope: Provisioning and authentication.
About integrating Netskope with Oomnitza
Depending on how you set up Netskope to work with the identity provider (IdP) that you use, you can use Oomnitza:
- To get out-of-the-box visibility of the SaaS applications that Netskope has not tagged as sanctioned. In Oomnitza, you can view all the unsanctioned SaaS applications, the users who accessed them, and when they last accessed the SaaS applications. In Netskope, you can then decide whether to sanction the applications or deny access to them.
- To get out-of-the-box visibility of all of the SaaS applications, the users who accessed them, and when they last accessed the SaaS applications. To retrieve an unfiltered view of all the SaaS applications that are accessed by users, you select the Include sanctioned applications option when you integrate Netskope with Oomnitza. In Netskope, you can then decide whether to sanction the applications or deny access to them.
You can also choose to integrate Netskope directly with Oomnitza to get out-of-the-box visibility of all of the SaaS applications, the users who accessed them, and when they last accessed the SaaS applications. To retrieve an unfiltered view of all the SaaS applications that are accessed by users, you select the Include sanctioned applications option when you integrate Netskope with Oomnitza. In Netskope, you can then decide whether to sanction the applications that are detected or deny access to them.
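The following added example (not Oomnitza or Netskope code) shows how the per-application view described above can be derived from application events: each app, the users who accessed it, and each user's last access, with an include_sanctioned switch that mirrors the Include sanctioned applications option. The sample events and the field names app, user, timestamp and sanctioned are constructed assumptions, not the documented Netskope event schema.

```python
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample events. The field names (app, user, timestamp, sanctioned)
# are assumptions for this sketch, not the documented Netskope event schema.
SAMPLE_EVENTS = [
    {"app": "FileDropX", "user": "ana@example.com", "timestamp": 1700000000, "sanctioned": False},
    {"app": "FileDropX", "user": "ana@example.com", "timestamp": 1700003600, "sanctioned": False},
    {"app": "FileDropX", "user": "raj@example.com", "timestamp": 1699990000, "sanctioned": False},
    {"app": "CorpMail", "user": "ana@example.com", "timestamp": 1700001000, "sanctioned": True},
    {"app": "PasteBoard", "user": "", "timestamp": 1700002000, "sanctioned": False},  # no user identity
    {"app": "NoteTaker", "user": "raj@example.com", "timestamp": 1700005000},  # no sanctioned tag
]


def summarize_app_access(events, include_sanctioned=False):
    """Return ({app: {user: last_access_iso}}, skipped_event_count)."""
    last_seen = defaultdict(dict)
    skipped = 0
    for ev in events:
        app, user, ts = ev.get("app"), ev.get("user"), ev.get("timestamp")
        # Events that cannot be attributed to an app, a user and a time are
        # counted rather than silently dropped, so gaps in coverage stay visible.
        if not app or not user or not isinstance(ts, (int, float)):
            skipped += 1
            continue
        # An app without a sanctioned tag is treated as unsanctioned, so it
        # still shows up in the default (unsanctioned-only) view.
        if ev.get("sanctioned", False) and not include_sanctioned:
            continue
        # Keep only the most recent access per (app, user) pair.
        if ts > last_seen[app].get(user, float("-inf")):
            last_seen[app][user] = ts
    report = {
        app: {u: datetime.fromtimestamp(t, tz=timezone.utc).isoformat()
              for u, t in users.items()}
        for app, users in last_seen.items()
    }
    return report, skipped


if __name__ == "__main__":
    report, skipped = summarize_app_access(SAMPLE_EVENTS)
    for app, users in sorted(report.items()):
        for user, last in sorted(users.items()):
            print(f"{app}\t{user}\t{last}")
    print(f"skipped events: {skipped}")
```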
Connect
It's best practice to create a dedicated user account for each integration. A dedicated account makes it easier to find and retrieve the records that are uploaded to Oomnitza from the vendor application.
Creating the integration
Important
If you created a Netskope SaaS Management Integration before the Fall 2023 release, see Replacing the Netskope SaaS Management Integration.
- Click Configuration.
- On the Integrations: Overview page, click Block view.
- Scroll down to the Shadow IT Integrations section and click the Netskope tile.
- Click Connect.
- Enter your Netskope domain. Enter the URL https://<tenant-name>.goskope.com and replace <tenant-name> with your Netskope tenant name.
- Enter the authorization token.
- Enter the System for Cross-Identity Management (SCIM) URL.
- Enter the SCIM token.
- Type the first few letters of the name of the integration user that you created and then select the user from the list. If an integration user isn’t specified, the integration user is set to saas_integration@oomnitza.com.
- Add one or more integration contacts. The persons you add will receive an in-app notification and an email when an integration fails, starts processing but fails to complete processing within 24 hours, or fails to run when scheduled.
- Select a default Oomnitza role such as Employee. All users that are uploaded from Netskope will be assigned the role you select. A record for each user will be added to the People page.
- Select the lookback period for the initial load of records from Netskope.
- Select the format that you want to use for the username.
- If you don’t want users to log in to Oomnitza, select Restrict access to Oomnitza.
- Optional. Select Include sanctioned applications. Information about the sanctioned SaaS applications as well as information about the unsanctioned applications that users access is retrieved.
- Click NEXT.
- Create a schedule to sync with Oomnitza.
- Click Finish.
Test
To test the integration, click the tile in the SaaS Management Integration section and click RUN NOW. To check for errors, click Sync Sessions.
Monitor
To monitor the SaaS application records that are uploaded to Oomnitza, create a search.
When you use the search that you created to review the records that were uploaded to Oomnitza on the Software page, the name of the SaaS application that was accessed and the name of the user who created the integration are displayed.
To review the users who accessed the SaaS apps, click a record, click an app, and then click the Users tab. Hover the mouse over the last activity info icon to get more details. To view the user’s Oomnitza record, hover the mouse over the user’s name and click the link.