This article explains how to connect Netskope Next Gen SWG to Workbench.

Step 1: Generate API Credentials

Netskope REST APIs use an auth token to make authorized calls to the API. Expel uses Netskope REST APIs to access resources through URI paths.


Before you begin, reach out to Netskope to enable REST API v2.

  1. In the Netskope UI, navigate to Settings > Tools > Rest API v2.

  2. On the REST API v2 page, click New Token.

  3. Type Expel for token name, select a token expiration time that fits in your company's policy, and then click Add Endpoint to select the API endpoints to use with the token.

  4. Specify READ privileges for API endpoint api/v2/events/data/alert.

  5. A confirmation opens showing whether the token creation was a success. If so, click Copy Token to save it for later use.


    The only opportunity to copy the token is immediately after you create it.

  6. Confirm that the area at the top of the screen referencing REST API Status shows that it is enabled.

Step 2: Configure the technology in Workbench


Expel secures all login information our SOC analysts need about your devices in an MFA password product. Access to this login information is protected using our internal MFA processes. To learn more about the IP addresses all Expel traffic comes from, go here.

  1. In a new browser tab, log into

  2. Complete all fields using the credentials and information you collected in Step 1.

    • For Name type the host name of the device.

    • For Location type the geographic location of the appliance.

    • For Server type your Netskope URL.

    • For Token type the API generated in Step 1.


This page was accurate at the time of writing, but changes happen. If you find the instructions are outdated, let us know via your engagement manager or account representative.