Creating an extended integration for SentinelOne users

Let Oomnitza be your single source of truth!

You'll get visibility of your SentinelOne users as data from SentinelOne is automatically transformed into consumable information and actionable insights.

Connect Oomnitza and SentinelOne in minutes

Get the information and insights that you need to reduce costs and the time that you spend on administration tasks such as:

• Configurable dashboards and list views of key user information
• Configurable reports to share information about users with your colleagues and management
• Configurable workflows that you can easily create to automate tasks such as:
  • Getting and deleting user details
  • Updating, enabling, and disabling 2FA (Two-Factor Authentication) for users
  • Sending recovery codes to users

Navigation

Setting the SentinelOne URL as a global variable

Updating the credentials

Creating the user integration

Creating custom mappings

Creating workflows

SentinelOne Delete User
SentinelOne Disable 2FA for User
SentinelOne Enable 2FA for User
SentinelOne Update 2FA for User
SentinelOne Get User Details
SentinelOne Resend Recovery Email Code to User
SentinelOne Send Users Recovery Code

Before you start

Best practice
For the integration with Oomnitza, create a dedicated user account.

SentinelOne uses API key authentication, which requires an API secret key and API ID. 

For more information, see SentinelOne FAQ.

Setting the SentinelOne URL as a global variable

To save time entering information when you create workflows, you can add the SentinelOne URL as a global variable in Oomnitza.

1. In Oomnitza, click Settings > Global Settings.
2. Click Add new variable (+). 
3. Enter SentinelOne.SentinelOne URL as the variable name.
4. Enter the value for the URL. The URL has the following format 
   https://<subdomain>.sentinelone.net or https://<subdomain>.sentinelone.com
5. Save your changes.

Updating the credentials

To stream SentinelOne user data into Oomnitza, you must add your API connection credentials to the Oomnitza vault.

1. In Oomnitza, click Settings > Credentials.
2. Click Add new credential (+).
3. Add the information details.
4. Click the AUTHORIZATION tab.
5. Ensure that API Key is selected as the authorization type.
6. Enter Authorization as the name of the token. 
7. Enter ApiToken {{SentinelOne API token}} as the API key.
8. Ensure that Add to Header is selected.
9. Save your changes.

Next

You use the credentials that you added to create and customize your SentinelOne integrations with Oomnitza.

Creating the user integration

Info and connect details

1. From the menu, click Settings.
2. Click Integrations List View .
3. On the Integrations page, scroll down to the Extended section for User Integrations.
4. Click NEW INTEGRATION.
5. In the New User Integration sidebar, click SentinelOne.
6. Click APPLY next to the Sentinel One User Load, and then click NEXT twice.

Connect page

Best practice
To ensure that only live user records are streamed to Oomnitza, choose Update only as your integration preference. When you run the integration, you can check the error logs to see which user records weren't uploaded and why they weren't uploaded. You can then decide whether to upload the user records that were skipped by changing your integration preference to create and upload. See Access error logs.

On the connect page, complete the following steps to connect the integration:

1. Enter a descriptive name for the integration such as SentinelOne User Load. This name will be displayed on the Integrations page once the setup is complete.
2. From the User Selection list, select User plus SaaS User.
3. From the Installation type list, select Cloud.
4. From the Credentials list, select your credentials.
5. From the Integration Preferences list, select Update only.   
6. Enter the name of the user of the integration.
7. Enter the SentinelOne Customer Domain URL. The URL has the following format 
   https://<subdomain>.sentinelone.net or https://<subdomain>.sentinelone.com
8. Click Next.

Creating custom mappings

Map the SentinelOne fields to Oomnitza fields and create custom mappings to get the user information that you need.

Complete these actions:

1. You must create a custom mapping for the SentinelOne Id field. To do this, complete these steps:
   1. Click the down arrow on the Id field.
   2. Select Add new Oomnitza user field.
   3. Change the name of the Id field to SentinelOne User Id. 
   4. Click CREATE. 
2. Create custom mappings to map any other field that you want to add to Oomnitza:
   1. Click the down arrow on the field that you want to map.
   2. Select Add new Oomnitza user field.
   3. Change the name of the field.
   4. Click CREATE. 
3. Assign a sync key to the Email field.
4. Click NEXT. 

Note: For all user loads, it is recommended that you map role information to an employee role in Oomnitza. Users need to have an employee role defined in order to access Oomnitza. If the role information is not available from the user load, it is recommended that you select Employee from the Oomnitza Role dropdown list. You have the option to overwrite this at a later point should the role information become available. 

Standard SentinelOne to Oomnitza mappings

The following SentinelOne fields can be mapped to Oomnitza:

Api Token
Connector Sync Time
Customer Domain URL
Date Joined
Email
First Login
Full Name
Id
Is Email Read Only
Is Email Verified
Is Full Name Read Only
Is Groups Read Only
Is System
Is Two Fa Enabled
Last Login
Lowest Role
Primary Two Fa Method
Scope
Source

Want to map more fields to Oomnitza?
Contact Support, or see Mapping extended connectors.

When you've completed mapping the SentinelOne to Oomnitza fields, click NEXT.

Schedule

By default, user data is streamed to Oomnitza once every day.

You can configure the schedule to meet your needs such as changing the interval or changing the time so that the data is streamed when your system isn't busy.

1. Configure your schedule.
2. Click FINISH.

Result

A new tile is created for the integration on the Integrations page. 

What to do next

If you want to see the information that is collected now, click the tile on the Integrations page and click RUN NOW.

If you want to change the integration settings, you can click a navigation link on the page, such as 4 Mappings, and edit the settings. 

Creating workflows

To reduce your workload and automate complex and repetitive tasks, you can create user workflows with the API block by following the steps in Creating user workflows with the API block. When creating the user workflows with the API block for SentinelOne, the following specific configuration is required:

• To locate the available presets, enter SentinelOne in the Select Preset search field. The SentinelOne API block workflow comes with the following presets:

  SentinelOne Delete User
  SentinelOne Disable 2FA for User
  SentinelOne Enable 2FA for User
  SentinelOne Update 2FA for User
  SentinelOne Get User Details
  SentinelOne Resend Recovery Email Code to User
  SentinelOne Send Users Recovery Code

• In the Configure section, enter the following details:
  1. The SentinelOne URL, if it was not already added as a global variable. For further information, refer to Setting the SentinelOne URL as a global variable.
  2. Your SentinelOne Credentials that you created in Updating the credentials. 
     

For further information on workflows see:
 Understanding workflows
 Workflow block overview

Unleash the power of Oomnitza

To get valuable actionable insights that help you manage your assets, learn how to:

• Configure dashboards for your users and software
• Configure custom reports about your users and software
• Create workflows to automate tasks

See  Getting started

Did you know
You can also create extended connector integrations for SentinelOne Assets.
Extended Integration for SentinelOne Assets