Beyond Identity's Secure Workforce product is a passwordless Identity and Access Management platform with a robust and customizable rule-based policy engine.
You can write Beyond Identity policy rules on attributes obtained from the authentication, the user's device, and third-party integrations. The SentinelOne integration lets a Beyond Identity admin configure the policy engine to:
- Write access rules based on a device's status being returned as active from SentinelOne's cloud. This allows the following use cases:
  - Only permitting SentinelOne-managed devices to authenticate
  - Permitting SentinelOne-managed devices to authenticate with higher levels of access to more apps
- Write a rule that triggers a SentinelOne Disconnect action if an endpoint violates Beyond Identity's policy, for example a posture failure such as the device not being encrypted or patched, or any behavior-based violation.
Licensing SKUs and Features

| SentinelOne | Beyond Identity |
|---|---|
| SentinelOne Control or Complete | Included with Beyond Identity Secure Workforce |
| API token created from a service user with: | Log in as a user with the minimum 'Integrations Administrators' role to add and configure integrations, and a user with the 'Policy Administrators' role to configure the policy. |

| SentinelOne Console | SentinelOne Agent | Beyond Identity Authenticator |
|---|---|---|
| Union Square#34 | 22.2 and above | Version 2.70.0 and above, supports macOS and Windows |
Configuration and Setup
During this setup, you'll obtain the SentinelOne URL and API token and add them to Beyond Identity.
- In SentinelOne, go to Settings > Users > Service Users.
- Add the service user with the built-in role of IR Team.
  If you want to create a custom role for this step instead, make sure the role has the following permissions:
  - Endpoints > Endpoints View
  - Endpoints > Endpoints Disconnect From Network
- In Beyond Identity, go to Integrations > Endpoint Management.
- Select SentinelOne and enter the SentinelOne URL and API token.
The integration is now in place and ready to be tested.
To test the Beyond Identity <-> SentinelOne integration, configure Beyond Identity policy rules:
- Create a monitor rule that evaluates SentinelOne's isActive attribute. View the results of monitor rule matches via the match counts under Policy.
- Create a Deny rule scoped to a test user group or a test device (through a passkey tag) to test the SentinelOne disconnect action.
The Beyond Identity <-> SentinelOne integration polls the SentinelOne API for a specific device, identified by the device's serial number. This happens on every Beyond Identity transaction evaluated through policy once the SentinelOne integration is configured and at least one SentinelOne attribute or action (or both) is used in the Beyond Identity policy rule set.
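The following is an added illustration of the rule-evaluation flow described above; it is a hypothetical model written for this article, not Beyond Identity's or SentinelOne's code. It assumes a per-transaction lookup of the device by serial number (stubbed with a constructed table instead of a real API call), an `isActive` attribute on the result, and three rules covering the use cases from this page: a monitor rule that only records match counts, a deny rule that fires a disconnect action on a posture failure (unencrypted or unpatched disk), and an allow rule limited to SentinelOne-managed devices. Unmanaged devices and devices whose agent is not active fall through to a default deny. The rule names, attribute keys and the `sentinelone.disconnect` action label are invented for the example.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple

# Constructed sample of what a per-transaction SentinelOne lookup, keyed by the
# device's serial number, might return. No real API is called here.
SENTINELONE_AGENTS: Dict[str, dict] = {
    "SN-ACTIVE-001": {"isActive": True},     # managed, agent reporting as active
    "SN-INACTIVE-002": {"isActive": False},  # agent installed but not active
}


def lookup_sentinelone(serial: str) -> dict:
    """Hypothetical stand-in for polling SentinelOne by serial number.
    Returns an empty dict for a device SentinelOne does not know about."""
    return SENTINELONE_AGENTS.get(serial, {})


@dataclass
class Rule:
    name: str
    effect: str                        # "allow", "deny" or "monitor"
    condition: Callable[[dict], bool]  # evaluated over the merged attributes
    action: Optional[str] = None       # optional side effect, e.g. a disconnect


@dataclass
class PolicyEngine:
    rules: List[Rule]
    match_counts: Dict[str, int] = field(default_factory=dict)
    actions: List[Tuple[str, str]] = field(default_factory=list)

    def evaluate(self, device: dict) -> str:
        """Evaluate one transaction: first matching allow/deny rule decides,
        monitor rules only count matches, default is deny."""
        attrs = dict(device)
        attrs["sentinelone"] = lookup_sentinelone(device["serial"])
        for rule in self.rules:
            if not rule.condition(attrs):
                continue
            self.match_counts[rule.name] = self.match_counts.get(rule.name, 0) + 1
            if rule.effect == "monitor":
                continue  # monitor rules never decide the outcome
            if rule.action:
                self.actions.append((rule.action, device["serial"]))
            return rule.effect
        return "deny"


def s1_active(attrs: dict) -> bool:
    # Missing attribute (unknown device) evaluates as not active.
    return attrs["sentinelone"].get("isActive") is True


def posture_failed(attrs: dict) -> bool:
    return not attrs.get("disk_encrypted", False) or not attrs.get("os_patched", False)


def build_engine() -> PolicyEngine:
    return PolicyEngine(rules=[
        Rule("monitor-s1-active", "monitor", s1_active),
        Rule("disconnect-on-posture-failure", "deny",
             lambda a: s1_active(a) and posture_failed(a),
             action="sentinelone.disconnect"),
        Rule("allow-s1-managed", "allow", s1_active),
    ])


# Constructed test devices covering the cases a test rule set should exercise.
DEVICES = [
    {"name": "healthy-managed", "serial": "SN-ACTIVE-001",
     "disk_encrypted": True, "os_patched": True},
    {"name": "unencrypted-managed", "serial": "SN-ACTIVE-001",
     "disk_encrypted": False, "os_patched": True},
    {"name": "inactive-agent", "serial": "SN-INACTIVE-002",
     "disk_encrypted": True, "os_patched": True},
    {"name": "unmanaged", "serial": "SN-UNKNOWN-999",
     "disk_encrypted": True, "os_patched": True},
]


def run_demo():
    """Evaluate every constructed device; return decisions, counts, actions."""
    engine = build_engine()
    decisions = {d["name"]: engine.evaluate(d) for d in DEVICES}
    return decisions, engine.match_counts, engine.actions


if __name__ == "__main__":
    decisions, counts, actions = run_demo()
    for name, effect in decisions.items():
        print(f"{name:22s} -> {effect}")
    print("match counts:", counts)
    print("actions triggered:", actions)
```

Rule order matters in this model: the disconnect rule must sit above the allow rule, otherwise an active but unencrypted device is allowed before the posture check is reached. The monitor rule's count is what you would compare against the match counts under Policy when testing the integration.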
Submit support requests at https://support.beyondidentity.com/