Integration Guide for SentinelOne


This guide provides information on how to set up Beyond Identity integration with SentinelOne.


Prerequisites

Licensing Requirements

  • SentinelOne SKUs and Features required:

    • SentinelOne Control or Complete

Version Requirements

  • SentinelOne Console: Union Square#34

  • SentinelOne Agent: 22.2 and above

  • Beyond Identity Authenticator: Version 2.70.0 and above (supports macOS and Windows)

Role/Access Requirements

  • SentinelOne Role/Access Requirements

    • API Token created from a service user with:

      • Account and site level scope access: Minimum built-in role of ‘IR Team’

      • Custom Role Requirements:

        • Optional: Create a custom role with the following permissions:

          • Endpoints > View

          • Endpoints > Disconnect From Network

  • Log in as a user with minimum role of ‘Integrations Administrators’ for adding and configuring integrations and ‘Policy Administrators’ for configuring policy.

Configuration and Setup

SentinelOne Setup

Create a Custom Role

You can either use the built-in IR Team role or create a custom role.

To create a custom role:

  1. Log in to your SentinelOne Cloud console, then click Settings.

  2. Select the Users tab.

  3. Select Roles.

  4. Click Actions, then select New Role.

  5. Give it a unique name and description, for example BI_View_Disconnect.

  6. Deselect Permissions by going through each of the permission sets associated with this role and clicking Deselect All (wherever allowed), or individually deselecting (where Deselect All is not permitted.)

  7. For the Endpoint permission set, select only these 2 permissions:

    1. Endpoints > Endpoints View

    2. Endpoints > Endpoints Disconnect From Network

  8. Click Save.

Create an API Key

To create an API key for SentinelOne, follow the steps below:

  1. Log in to your SentinelOne Cloud console, then click Settings.

  2. Select the Users tab.

  3. Select Service Users.

  4. Click Actions, then select Create New Service User.

  5. In the Create New Service User pop-up window that opens, enter a Name and Description, then select an Expiration Date.

  6. Click on Access Level Account (even if this is already selected).

  7. Select your Account and then select the BI_View_Disconnect role for your account.

  8. Click Create User.



Beyond Identity Setup

  1. In the Beyond Identity Admin Console, go to Integrations > Endpoint Management.

  2. Choose SentinelOne and enter the SentinelOne URL and API token.

  3. Click Save Changes.

The integration is now in place. Proceed to testing.

Testing

To test the Beyond Identity <-> SentinelOne integration, configure Beyond Identity policy rules:

  1. Create a monitor rule to evaluate the SentinelOne isActive attribute. View the results of monitor rule matches via match counts under Policy.

  2. Create a Deny rule scoped to a test user group or test device (via passkey tag) to test the SentinelOne disconnect action.



Additional Information

The Beyond Identity <-> SentinelOne integration triggers a poll of the SentinelOne API for a specific device, identified by the serial number of the device. This poll occurs at each Beyond Identity transaction evaluated via policy, once the SentinelOne integration is configured and a SentinelOne attribute and/or action is configured in the Beyond Identity policy rule set.

FAQ

Q. How can I check if my device is connected to SentinelOne and troubleshoot connection issues?

A. The Fetch Data from Integration event log records failed data retrieval attempts from SentinelOne.