Welcome to the Netskope One DSPM Knowledge Base

    Onboarding OCI Infrastructure

    Overview

    Netskope One DSPM can onboard, connect to, and scan your Oracle Cloud Infrastructure (OCI) compartments. These capabilities require programmatic access to connect to and scan the Data Stores, including configuring specific OCI users or IAM roles.

    Configure OCI Access

    We recommend creating a dedicated OCI Domain, User, Group and Policy to connect your OCI environment to Netskope One DSPM. 

    Create OCI Domain

    This is an optional step. You can instead use an existing OCI domain when you later create the OCI User that provides read access to Netskope One DSPM.

     
    1. Log into the OCI Console
    2. Navigate to the Identity & Security section and select Domains
    3. Click on the Create domain button
    4. Provide the right name, description, type and administrator details

    Create OCI User

    We recommend creating a dedicated service account user to provide Netskope One DSPM with the read-only privileges required to perform Data Store Discovery.

    1. Log into the OCI Console
    2. Navigate to the Identity & Security section and select Domains
    3. Select the correct OCI compartment that you want to onboard to DSPM
    4. Click on the correct domain and navigate to the Users section
    5. Click on Create User to create a dedicated service account user to connect to DSPM
    6. Copy the created user's OCID (this will be required as an input in the Netskope One DSPM UI while onboarding the compartment)
    7. Navigate to the API keys section and Add API key for this user
    8. Download the private and public key files (these will be required as an input in the Netskope One DSPM UI while onboarding the compartment)
    9. Also copy the Fingerprint value (this will be required as an input in the Netskope One DSPM UI while onboarding the compartment)

    Create OCI Group

    1. Log into the OCI Console
    2. Navigate to the Identity & Security section and select Domains
    3. Select the correct OCI compartment that you want to onboard to DSPM
    4. Click on the correct domain and navigate to the Group section
    5. Click on Create group to create a dedicated group for assigning the read-only policies required for data store discovery and classification
    6. Add the OCI User created above to the Netskope One DSPM Group

    Create OCI Policy

    1. Log into the OCI Console
    2. Navigate to the Identity & Security section and select Policies
    3. Select the correct OCI compartment that you want to onboard to DSPM
    4. Click on Create Policy to create a dedicated policy to connect to Netskope One DSPM
    5. Enter the Policy Name and description
    6. Toggle the “Show manual editor” option and enter the statements below, substituting <'OCI GROUP'> with the OCI Group created above and <dspm> with your OCI compartment
    7. Click the Create button

    Policy statements to enter in step 6:

    Allow group <'OCI GROUP'> to inspect autonomous-databases in compartment <dspm>
    Allow group <'OCI GROUP'> to inspect pluggable-databases in compartment <dspm>
    Allow group <'OCI GROUP'> to inspect databases in compartment <dspm>
    Allow group <'OCI GROUP'> to inspect db-nodes in compartment <dspm>
    Allow group <'OCI GROUP'> to inspect vnic in compartment <dspm>
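
    A least-privilege check for the policy above, as an added example that is not part of the Netskope documentation: it parses policy statements and reports any grant to the DSPM group that goes beyond inspect on the five listed resource types in the onboarded compartment, as well as any listed statement that is missing. The group name DSPM-ReadOnly, the compartment name dspm and the sample statements are constructed placeholders.

```python
import re

# Resource types exactly as written in the five statements on this page.
DOCUMENTED = {"autonomous-databases", "pluggable-databases", "databases",
              "db-nodes", "vnic"}
STATEMENT = re.compile(
    r"^allow\s+group\s+(?P<group>.+?)\s+to\s+(?P<verb>\w+)\s+(?P<resource>[\w-]+)"
    r"\s+in\s+(?:tenancy|compartment\s+(?P<compartment>\S+))"
    r"(?:\s+where\s+.+)?$", re.IGNORECASE)

def audit(statements, group, compartment):
    """Return findings for grants to `group` that differ from the documented set."""
    findings, granted = [], set()
    for raw in statements:
        text = " ".join(raw.split())
        m = STATEMENT.match(text)
        if m is None:
            findings.append(f"unparsed, review by hand: {text}")
            continue
        if m["group"].replace("'", "").lower() != group.lower():
            continue  # grant belongs to another group
        verb, resource = m["verb"].lower(), m["resource"].lower()
        in_scope = (m["compartment"] or "").lower() == compartment.lower()
        if verb != "inspect":
            findings.append(f"verb '{verb}' exceeds inspect: {text}")
        if resource not in DOCUMENTED:
            findings.append(f"undocumented resource type '{resource}': {text}")
        if not in_scope:
            findings.append(f"scope is not compartment {compartment}: {text}")
        if verb == "inspect" and in_scope:
            granted.add(resource)
    for missing in sorted(DOCUMENTED - granted):
        findings.append(f"missing: inspect {missing} in compartment {compartment}")
    return findings

# Constructed sample: the group and compartment names are placeholders.
SAMPLE = [
    "Allow group DSPM-ReadOnly to inspect autonomous-databases in compartment dspm",
    "Allow group DSPM-ReadOnly to inspect pluggable-databases in compartment dspm",
    "Allow group DSPM-ReadOnly to manage databases in compartment dspm",
    "Allow group DSPM-ReadOnly to inspect db-nodes in tenancy",
    "Allow group DSPM-ReadOnly to inspect vnic in compartment dspm",
    "Allow group Admins to manage all-resources in tenancy",
]

if __name__ == "__main__":
    for finding in audit(SAMPLE, "DSPM-ReadOnly", "dspm"):
        print(finding)
```

    Statements the parser does not recognise, such as a compartment referenced by OCID, are reported for manual review rather than silently accepted.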

    Create a Netskope One DSPM Infrastructure Connection

    At this point, your configuration of OCI is complete, and Netskope One DSPM can now be connected to your infrastructure.

    1. Log into Netskope One DSPM.
    2. Navigate to Administration → Infrastructure Connections → OCI tab.
    3. Click the Add Infrastructure button in the upper right. 
    4. Click ADD COMPARTMENT.
    5. On the Capabilities tab, set the following toggles depending on your discovery & classification needs:

        Toggle: Auto-Discover New Compartments
        Description: Enables the auto-discovery and onboarding of newly-discovered child compartments, ensuring that your compartment list always remains accurate within DSPM

        Toggle: Auto-Discover New Data Stores
        Description: Enables the auto-discovery of newly-created data stores, to ensure that DSPM is always aware of all possible data stores

    6. Click NEXT.
    7. Enter the following values:

        Field: Compartment Name
        Value: Any value (this is used to identify your infrastructure connection within Netskope One DSPM).

        Field: Home Region
        Value: Obtain from your OCI console. Click on the region name near the top right corner of the screen, then click Manage regions, copy the Region Identifier for the home region, and paste it into the Netskope One DSPM UI.

        Field: Compartment OCID
        Value: You can onboard a compartment at the root or any intermediate level to include all child compartments within it. To retrieve the value required by Netskope One DSPM:

            1. Log into the OCI Console
            2. Navigate to the Identity & Security section and select Identity
            3. Select the correct OCI compartment that you want to onboard to DSPM
            4. Copy the OCID value
            5. Enter the copied value into the Compartment OCID field within Netskope One DSPM

        Field: Tenant OCID
        Value: To retrieve the value required by Netskope One DSPM:

            1. Log into the OCI Console
            2. Click on the profile icon in the top right corner, then click Tenancy
            3. Copy the Tenancy OCID value
            4. Enter the copied value into the Tenant OCID field within Netskope One DSPM

    8. Click NEXT.
    9. Review the fields that are already filled in
    10. Enter the User OCID of the service account created in the Create OCI User section
    11. Enter the Public Key Fingerprint that was copied while adding the API Key to the OCI user
    12. Upload the Private Key that was downloaded while adding the API Key to the OCI user
    13. Click SAVE.
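
    A pre-flight check for the values collected in the Create OCI User section and entered in the form above, as an added example that is not part of the Netskope documentation: it confirms each OCID is of the expected resource type, accepts the tenancy OCID as the compartment when onboarding at the root, and recomputes the API key fingerprint (MD5 of the DER-encoded public key, the form OCI displays) from the downloaded public key file. The dictionary keys, OCIDs and key bytes are constructed placeholders.

```python
import base64
import hashlib
import re

OCID = re.compile(r"^ocid1\.([a-z0-9]+)\.[a-z0-9-]+\.[a-z0-9-]*(?:\.[a-z0-9-]*)?\.[a-z0-9]+$")
FINGERPRINT = re.compile(r"^(?:[0-9a-f]{2}:){15}[0-9a-f]{2}$")

def ocid_type(value):
    """Return the resource-type segment of an OCID, or None if malformed."""
    m = OCID.match(value.strip())
    return m.group(1) if m else None

def key_fingerprint(public_pem):
    """MD5 of the DER-encoded public key, colon separated, as OCI displays it."""
    body = "".join(l.strip() for l in public_pem.splitlines() if "-----" not in l)
    digest = hashlib.md5(base64.b64decode(body), usedforsecurity=False).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def preflight(v):
    """Return a list of problems with the values about to be entered."""
    problems = []
    if ocid_type(v["user_ocid"]) != "user":
        problems.append("User OCID is not a user OCID")
    if ocid_type(v["tenant_ocid"]) != "tenancy":
        problems.append("Tenant OCID is not a tenancy OCID")
    # Onboarding at the root: the root compartment's OCID is the tenancy OCID.
    at_root = v["compartment_ocid"] == v["tenant_ocid"]
    if ocid_type(v["compartment_ocid"]) != "compartment" and not at_root:
        problems.append("Compartment OCID is neither a compartment nor the tenancy root")
    fp = v["fingerprint"].strip().lower()
    if not FINGERPRINT.match(fp):
        problems.append("Fingerprint is not 16 colon-separated hex pairs")
    elif fp != key_fingerprint(v["public_pem"]):
        problems.append("Fingerprint does not match the downloaded public key")
    return problems

# Constructed sample values: placeholder OCIDs and placeholder bytes, not a real key.
SAMPLE_PUBLIC_PEM = ("-----BEGIN PUBLIC KEY-----\n"
                     + base64.b64encode(b"constructed placeholder, not a real key").decode()
                     + "\n-----END PUBLIC KEY-----\n")
SAMPLE = {
    "user_ocid": "ocid1.user.oc1..exampleuniqueid1",
    "tenant_ocid": "ocid1.tenancy.oc1..exampleuniqueid2",
    "compartment_ocid": "ocid1.compartment.oc1..exampleuniqueid3",
    "fingerprint": key_fingerprint(SAMPLE_PUBLIC_PEM),
    "public_pem": SAMPLE_PUBLIC_PEM,
}
```

    The private key never needs to be read for this check; keep it readable only by the account that uploads it.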
