Overview
These instructions are used for onboarding Azure Subscriptions and Tenants as infrastructure connections within Netskope One DSPM via Terraform. Such connections permit Netskope One DSPM to discover your available data stores and facilitate scanning and classification activities. You will repeat these steps for each Azure Subscription or Tenant you wish to onboard to Netskope One DSPM.
For these instructions, you will start in Netskope One DSPM, then be directed to perform actions within the Terraform CLI, Azure CLI or Console, and finally return to Netskope One DSPM to complete the connection.
Before continuing, verify that the tools below are installed and configured, that you can invoke them from the terminal, and that you are logged in on your machine.
In addition, validate that you have the latest version of these tools by running the following commands at your terminal prompt:
- terraform --version (Ver 1.5.1)
- az version (Ver 2.50.0)
Instructions for Infrastructure Connection
Azure Subscription
You will repeat these steps for each individual Azure Subscription you wish to onboard within the Netskope One DSPM application.
Steps to Complete Netskope One DSPM Infrastructure Connection
- Log into Netskope One DSPM.
- Navigate to Administration → Infrastructure Connections → Azure tab.
- Click the Add Infrastructure button in the upper right.
- Click ADD SUBSCRIPTION.
- Leave on or toggle off Auto-Discover New Data Stores, depending on your preference.
- Click NEXT.
- Enter the following values:
Field | Value |
---|---|
Subscription Name | Any value (this is used to identify your infrastructure connection within Netskope One DSPM). |
Subscription ID | Obtain from your Azure console. |
Netskope One DSPM Service Account Role | Will default to Netskope One DSPM_Role. Note that this value needs to be unique to each onboarded Subscription. |
- Select Terraform.
- Click DOWNLOAD TEMPLATE to download a .zip file with Terraform scripts. Leave Netskope One DSPM open with the Add Infrastructure modal to return to later.
The next several steps are completed within the terminal on your local machine:
- Extract the .zip file from your downloads folder. A folder is created called account, which will contain the relevant Terraform files.
- Run the following command: terraform init. The command will run with the text Initializing the backend…
- Once complete, you will see success text in green: Terraform has been successfully initialized, with additional output text below.
- Run the script by running the command: terraform apply. You will see a warning here if you are not logged in or have improper credentials within Azure.
- You will see an output of resources to be created, including Application ID, Secret, Tenant ID and Subscription ID. Enter yes to continue.
- Once finished, you will see success text in green: Apply complete! Resources: XX added, 0 changed, 0 destroyed.
- The outputs include the values you will copy and paste into the corresponding fields in the last step to complete the infrastructure connection in Netskope One DSPM:
Netskope One DSPM Field | Corresponding Alphanumeric Value |
---|---|
Application ID | application_id |
Application Secret | secret |
Tenant ID | tenant_id |
- Return to the Add Infrastructure modal in Netskope One DSPM and click I'VE ALREADY RUN THE TEMPLATE.
- Paste the alphanumeric values described above into their corresponding fields.
- Click SAVE. You may see a warning about empty responses for certain data stores if those resources are not in use; this can safely be dismissed.
Your Azure Subscription infrastructure connection is now complete, and you are able to discover data stores for analysis.
Azure Tenant
You will repeat these steps for each Azure Tenant you wish to onboard within the Netskope One DSPM application.
Steps to Complete Netskope One DSPM Infrastructure Connection
- Log into Netskope One DSPM.
- Navigate to Administration → Infrastructure Connections → Azure tab.
- Click the Add Infrastructure button in the upper right.
- Click ADD TENANT.
- Leave on or toggle off Auto-Discover New Accounts and Auto-Discover New Data Stores, depending on your preference.
- Click NEXT.
- Enter the following values:
Field | Value |
---|---|
Tenant Name | Any value (this is used to identify your infrastructure connection within Netskope One DSPM). |
Tenant ID | Obtain from your Azure console. |
Netskope One DSPM Service Account Role | Will default to Netskope One DSPM_Role. Note that this value needs to be unique to each onboarded Tenant. |
- Select Terraform.
- Click DOWNLOAD TEMPLATE to download a .zip file with Terraform scripts. Leave Netskope One DSPM open with the Add Infrastructure modal to return to later.
The next several steps are completed within the terminal on your local machine:
- Extract the .zip file from your downloads folder. A folder is created called org, which will contain the relevant Terraform files.
- Run the following command: terraform init. The command will run with the text Initializing the backend…
- Once complete, you will see success text in green: Terraform has been successfully initialized, with additional output text below.
- Run the script by running the command: terraform apply. You will see a warning here if you are not logged in or have improper credentials within Azure.
- You will see an output of resources to be created, including Application ID, Secret, and Tenant ID. Enter yes to continue.
- Once finished, you will see success text in green: Apply complete! Resources: XX added, 0 changed, 0 destroyed.
- The outputs include the values you will copy and paste into the corresponding fields in the last step to complete the infrastructure connection in Netskope One DSPM:
Netskope One DSPM Field | Corresponding Alphanumeric Value |
---|---|
Application ID | application_id |
Application Secret | secret |
Tenant ID | tenant_id |
- Return to the Add Infrastructure modal in Netskope One DSPM and click I'VE ALREADY RUN THE TEMPLATE.
- Paste the alphanumeric values described above into their corresponding fields.
- Click SAVE. You may see a warning about empty responses for certain data stores if those resources are not in use; this can safely be dismissed.
Your Azure Tenant infrastructure connection is now complete, and you are able to discover data stores for analysis.
Note: For each Azure Subscription infrastructure connection, if it is a member of the Tenant being onboarded, we consolidate that individual infrastructure connection to fall underneath the Tenant within the UI.
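The terminal steps for both the Subscription and Tenant procedures can be wrapped in a preflight and output check, shown here as an added example that is not part of the Netskope template. It assumes the versions listed above are minimums, that sort -V is available, and that the output names are application_id, secret and tenant_id as in the tables above; the function names and the onboard_check.sh file name are hypothetical.

```bash
#!/usr/bin/env bash
# Added example (not Netskope's code). Run from the extracted account/ or org/ folder.
# Assumption: the versions listed on this page are treated as minimums.
MIN_TERRAFORM=1.5.1
MIN_AZ=2.50.0

# version_ge A B: succeeds when version A >= version B (needs sort -V).
version_ge() {
  [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n1)" = "$2" ]
}

# is_guid VALUE: succeeds when VALUE has the GUID shape Azure uses for IDs.
is_guid() {
  printf '%s\n' "$1" | grep -Eqi '^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$'
}

# preflight: tool versions and Azure login, before terraform init/apply.
preflight() {
  local tf azv
  tf=$(terraform version | head -n1 | sed 's/^Terraform v//')
  azv=$(az version --query '"azure-cli"' -o tsv)
  version_ge "$tf" "$MIN_TERRAFORM" || { echo "terraform '$tf' < $MIN_TERRAFORM" >&2; return 1; }
  version_ge "$azv" "$MIN_AZ" || { echo "az '$azv' < $MIN_AZ" >&2; return 1; }
  # Fails if not logged in; shows the subscription and tenant of the current az login.
  az account show --query '{subscription:id, tenant:tenantId}' -o table
}

# check_outputs: after terraform apply, validate the values before pasting them.
check_outputs() {
  local name value
  for name in application_id tenant_id; do
    value=$(terraform output -raw "$name") || return 1
    is_guid "$value" || { echo "$name is not a GUID: $value" >&2; return 1; }
    echo "$name = $value"
  done
  # Confirm the secret exists without echoing it to the terminal or scrollback.
  [ -n "$(terraform output -raw secret)" ] || { echo "secret is empty" >&2; return 1; }
  # Local state (if the template uses it) stores the secret in plaintext.
  if [ -f terraform.tfstate ]; then chmod 600 terraform.tfstate; fi
}

# Usage: ./onboard_check.sh run
if [ "${1:-}" = "run" ]; then
  preflight && terraform init && terraform apply && check_outputs
fi
```

Compare the subscription and tenant printed by preflight with the ID you entered in the Add Infrastructure modal before answering yes to terraform apply.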
Next Steps
- If you have additional Azure Tenants or Subscriptions to onboard in Netskope One DSPM, repeat the above steps.
- Connect your discovered Data Stores. For more information, visit our Connecting Azure Data Stores category and select the article(s) applicable to the Data Store Type(s) you wish to connect.