Beyond Identity's Secure Workforce product is a passwordless Identity and Access Management platform with a robust and customizable rule-based policy engine.
You can write Beyond Identity policy rules on attributes obtained from the authentication, the user's device, and third-party integrations. The integration with SentinelOne lets a Beyond Identity admin configure the policy engine to:
- Write access rules based on whether SentinelOne's cloud reports the device's status as active. This supports the following use cases:
  - Only permitting SentinelOne-managed devices to authenticate
  - Permitting SentinelOne-managed devices to authenticate with higher levels of access to more apps
- Write a rule that triggers a SentinelOne Disconnect action (network isolation of the endpoint) when a device violates Beyond Identity policy, for example a posture failure such as the device not being encrypted or patched, or a behavioral-based violation.
Requirements
Licensing SKUs and Features
SentinelOne | Beyond Identity |
---|---|
SentinelOne Control or Complete | Included with Beyond Identity Secure Workforce |
Role/Access
SentinelOne | Beyond Identity |
---|---|
API token created from a service user with the built-in IR Team role, or with a custom role that has at least the Endpoints View and Endpoints Disconnect From Network permissions (see Configuration and Setup) | Log in as a user with at least the ‘Integrations Administrators’ role to add and configure integrations, and as a user with the ‘Policy Administrators’ role to configure the policy |
Authenticator Version
SentinelOne Console | SentinelOne Agent | Beyond Identity Authenticator |
---|---|---|
Union Square#34 | 22.2 and above | Version 2.70.0 and above, supports macOS and Windows |
Configuration and Setup
During this setup, you'll obtain the SentinelOne console URL and an API token and add them to Beyond Identity.
- In SentinelOne, go to Settings > Users > Service Users.
- Add a service user with the built-in role of IR Team.
  If you want to create a custom role for this step, make sure the role has the following permissions:
  - Endpoints > Endpoints View
  - Endpoints > Endpoints Disconnect From Network
  The integration needs only these two permissions, so a custom role limited to them is the least-privilege choice; the IR Team role grants more than the integration uses.
- Generate an API token for the service user. Treat it as a secret: it carries the Disconnect permission, so it should live only in the Beyond Identity integration configuration.
- In Beyond Identity, go to Integrations > Endpoint Management.
- Select SentinelOne and enter the SentinelOne URL and API token.
The integration is now in place and ready to be tested.
Testing
To test the Beyond Identity <-> SentinelOne integration, configure Beyond Identity policy rules:
- Create a Monitor rule that evaluates SentinelOne's isActive attribute. A Monitor rule does not change any access decision; view the results via the rule's match counts under Policy to confirm that devices are being looked up and that active devices match.
- Create a Deny rule scoped to a test user group or a test device (through a passkey tag) to exercise the SentinelOne Disconnect action. Keep the scope narrow until the rule behaves as expected, since a Deny rule with the Disconnect action isolates every device it matches from the network.
Additional Information
Once the SentinelOne integration is configured and at least one Beyond Identity policy rule references a SentinelOne attribute, a SentinelOne action, or both, every Beyond Identity transaction evaluated through policy triggers a poll of the SentinelOne API for the specific device, keyed on the device's serial number. The match is by serial number only: a device that SentinelOne records under a different serial, or does not record at all, is not found and will not evaluate as active.
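To make the lookup and the action concrete, the following script is an added example (my own code, not Beyond Identity's or SentinelOne's implementation) that performs the same two operations the integration performs: find the agent by device serial number, read its isActive attribute, and issue a Disconnect for it. The SentinelOne v2.1 paths, the serialNumber__contains filter name and the ApiToken authorization header are assumptions taken from the public SentinelOne API reference and are not stated on this page; the agent records and the sample transport are constructed so the script runs offline. It also doubles as a check of the service user's token and role before the token is pasted into Beyond Identity.

```python
import json
import urllib.request
from typing import Callable, Optional
from urllib.parse import parse_qs, urlencode, urlparse

# Assumed SentinelOne Management API v2.1 paths and filter name (not taken
# from this article); confirm them against your console's API reference.
AGENTS_PATH = "/web/api/v2.1/agents"
DISCONNECT_PATH = "/web/api/v2.1/agents/actions/disconnect"

# fetch(method, path, json_body) -> parsed JSON response
Fetch = Callable[[str, str, Optional[dict]], dict]


def console_fetch(console_url: str, api_token: str) -> Fetch:
    """Build a real transport for a console. The service user's API token is
    sent in the Authorization header as 'ApiToken <token>' (assumed scheme)."""
    base = console_url.rstrip("/")

    def fetch(method: str, path: str, body: Optional[dict]) -> dict:
        data = json.dumps(body).encode() if body is not None else None
        req = urllib.request.Request(
            base + path, data=data, method=method,
            headers={"Authorization": f"ApiToken {api_token}",
                     "Content-Type": "application/json"})
        with urllib.request.urlopen(req, timeout=15) as resp:
            return json.load(resp)

    return fetch


def lookup_agent(serial: str, fetch: Fetch) -> Optional[dict]:
    """Return the agent record for a device serial, or None when SentinelOne
    has no such agent (policy should treat that device as unmanaged)."""
    query = urlencode({"serialNumber__contains": serial, "limit": 10})
    page = fetch("GET", f"{AGENTS_PATH}?{query}", None)
    # A __contains filter also returns longer serials that have this one as
    # a prefix, so keep exact matches only.
    matches = [a for a in page.get("data", []) if a.get("serialNumber") == serial]
    if not matches:
        return None
    # A reimaged machine can leave a stale inactive record beside the live
    # one; prefer the active agent.
    return max(matches, key=lambda a: bool(a.get("isActive")))


def is_active(serial: str, fetch: Fetch) -> bool:
    """The attribute a Beyond Identity rule evaluates: active in SentinelOne."""
    agent = lookup_agent(serial, fetch)
    return bool(agent and agent.get("isActive"))


def disconnect(serial: str, fetch: Fetch) -> bool:
    """The Disconnect action: network-isolate the agent. Requires the
    'Endpoints Disconnect From Network' permission on the service user's role.
    True only when the console reports an affected agent."""
    agent = lookup_agent(serial, fetch)
    if agent is None:
        return False
    result = fetch("POST", DISCONNECT_PATH, {"filter": {"ids": [agent["id"]]}})
    return result.get("data", {}).get("affected", 0) > 0


# ---- constructed sample console so the example runs offline -----------------
SAMPLE_AGENTS = [  # constructed records, not real devices
    {"id": "1001", "serialNumber": "C02ABC123", "isActive": True},
    {"id": "1002", "serialNumber": "C02ABC123X", "isActive": True},
    {"id": "1003", "serialNumber": "PF1DEF456", "isActive": False},
]


def sample_fetch(method: str, path: str, body: Optional[dict]) -> dict:
    """Stand-in transport that answers from the constructed records above."""
    url = urlparse(path)
    if method == "GET" and url.path == AGENTS_PATH:
        needle = parse_qs(url.query).get("serialNumber__contains", [""])[0]
        return {"data": [a for a in SAMPLE_AGENTS if needle in a["serialNumber"]]}
    if method == "POST" and path == DISCONNECT_PATH:
        return {"data": {"affected": len(body["filter"]["ids"])}}
    raise ValueError(f"unexpected call: {method} {path}")


if __name__ == "__main__":
    for serial in ("C02ABC123", "PF1DEF456", "UNKNOWN000"):
        verdict = "allow" if is_active(serial, sample_fetch) else "deny"
        print(f"{serial}: {verdict}")
    # Replace sample_fetch with console_fetch("https://<console host>", "<token>")
    # to run the same lookup and disconnect against a real console.
```

Run against a real console with the service user's token on a test device's serial: an HTTP error on the agents lookup points at the token or the Endpoints View permission, an error on the disconnect call points at the role lacking Endpoints Disconnect From Network. Only run the disconnect against a device you are prepared to isolate.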
Support Information
Submit support requests at https://support.beyondidentity.com/