Skip to main content
Sign in

Creating an extended integration for SentinelOne users

  • November 13, 2024 14:07
  • Updated

Let Oomnitza be your single source of truth!

You'll get visibility of your SentinelOne users as data from SentinelOne is automatically transformed into consumable information and actionable insights.

Connect Oomnitza and SentinelOne in minutes

Get the information and insights that you need to reduce costs and the time that you spend on administration tasks such as:

  • Configurable dashboards and list views of key user information
  • Configurable reports to share information about users with your colleagues and management
  • Configurable workflows that you can easily create to automate tasks such as:
    • Getting and deleting user details
    • Updating, enabling, and disabling 2FA (Two-Factor Authentication) for users
    • Sending recovery codes to users
    •  Retrieving SaaS user roles and deactivating SaaS users in Oomnitza

Navigation

small_blue_link.svgSetting the SentinelOne URL as a global variable

small_blue_link.svgUpdating the credentials

small_blue_link.svgCreating the user integration

small_blue_link.svgCreating custom mappings

small_blue_link.svg Creating workflows

SentinelOne Delete User
SentinelOne Disable 2FA for User
SentinelOne Enable 2FA for User
SentinelOne Update 2FA for User
SentinelOne Get User Details
SentinelOne Resend Recovery Email Code to User
SentinelOne Send Users Recovery Code

small_blue_link.svgCreating SaaS user workflows

Before you start

To add credentials to the vault in Oomnitza and integrate SentinelOne with Oomnitza, you need to have the following information to hand:

  • Your SentinelOne API key. To generate an API key in SentinelOne:
    1. Log in to the Management Console as an Admin
    2. Navigate to Settings > Users
    3. Click on the Admin user you want to get a token for
      1. A new user should be created but is not required
    4. Click on the Generate link next to API Token
    5. A new window will open with the API Token.
    6. Click Copy
  • Your SentinelOne Customer Domain URL. The URL has the following format 
    https://<subdomain>.sentinelone.net or https://<subdomain>.sentinelone.com

Setting the SentinelOne URL as a global variable

To save time entering information when you create workflows, you can add the SentinelOne URL as a global variable in Oomnitza.

  1. In Oomnitza, click Configuration > Global Settings.
  2. Click Add new variable (+). 
  3. Enter SentinelOne.SentinelOne URL as the variable name.
  4. Enter the value for the URL. The URL has the following format 
    https://<subdomain>.sentinelone.net or https://<subdomain>.sentinelone.com
  5. Save your changes.

Updating the credentials

To stream SentinelOne user data into Oomnitza, you must add your API connection credentials to the Oomnitza vault.

  1. In Oomnitza, click Configuration > Security > Credentials.
  2. Click Add new credential (+).
  3. Search for the integration, and then click the forward button > to select the integration.
  4. Add your API key.
  5. Click Create.

Integration not in the list? Click Advanced Mode and complete these steps:

  1. Add the information details.
  2. Click the AUTHORIZATION tab.
  3. Ensure that API Key is selected as the Authorization type.
  4. Ensure that the Token Name is Authorization
  5. Enter "ApiToken" followed by a space and the API Key. For example,ApiToken aefgd-adw3n-jknadd78l1kjndc.
  6. Ensure that Add to Header is selected.
  7. Save your changes.

Next

You use the credentials that you added to create and customize your SentinelOne integrations with Oomnitza.

Creating the user integration

  1. In Oomnitza, click Configuration > Integrations > Overview.
  2. Click Block view block_view.PNG.
  3. On the Integrations page, scroll down to the Extended section for user integrations.
  4. Click NEW INTEGRATION.
  5. In the sidebar, search for the integration.
  6. Click ADD.

Integration details overview

More information is provided about the following fields to help you complete the integration:

  • User only. Add user records.
  • User plus SaaS user. Add user and SaaS user records. 

The benefit of adding SaaS user records is that you can run a workflow to validate the status and activity of SaaS users and retrieve information such as the role of the SaaS user. The information that can be retrieved depends on whether SaaS user workflows are available for the integration. 

Installation types

  • Cloud. Store credentials in the Oomnitza cloud.
  • Local. Store credentials locally. If you want to sync Oomnitza with vendor applications that require AWS or OAUTH authentication, select cloud as the type of installation. Local installations don't support AWS and OAuth authentication. 

Integration preferences

  • Create & Update. Add and update records.
  • Create only. Add records.
  • Update only. Update records.

Editing the integration details

  1. Click Edit edit_black_pencil_icon.svg.
  2. Make your changes.

Editing the credential details

If you selected Cloud as the installation type, choose one of the following options:

  • Select the credentials that were created for the integration.
  • Edit the credentials that were created for the integration.
  • Create new credentials

Scheduling the integration

By default, data is synced once every day. Change the interval or the time so that the data is streamed when your system isn't busy.

  1. Click Edit edit_black_pencil_icon.svg.
  2. Make and save your changes.

Mapping fields to Oomnitza

To map the fields to Oomnitza, click Edit edit_black_pencil_icon.svg.

 cog_red_dot_small_icon.svg Selecting Edit integration to add rules for syncing data. small_blue_link.svg Filtering integration results.  
 

You can add new fields to your integration by selecting Add new field  add_grey_rectangel_icon.svg on the mapping page. 
small_blue_link.svg Creating custom API fields. 

Creating custom mappings

Map the SentinelOne fields to Oomnitza fields and create custom mappings to get the user information that you need.

Complete these actions:

  1. Click Smart Mapping to automatically detect appropriate mapping fields. Values from the integration can also be dragged to the appropriate field on the Oomnitza side, or selected from the integration field dropdown.
  2. You must create a custom mapping for the SentinelOne Id field. To do this, complete these steps:
    1. Click the down arrow on the Id field.
    2. Select Add new Oomnitza user field.
    3. Change the name of the Id field to SentinelOne User Id
    4. Select the Unique checkbox.
    5. Click CREATE
  3. Ensure that the Email is mapped to the
    1. Username field on the Oomnitza side (required for integration).
    2. Email field on the Oomnitza side (required for integration).
  4. Select the Role field on the Oomnitza mapping side.
  5. Choose a suitable role from the list (a defined role is necessary for the integration)
  6. Assign a sync key to a unique field, such as the Email.
  7. Click UPDATE.

Standard SentinelOne to Oomnitza mappings

The following SentinelOne fields can be mapped to Oomnitza:

Api Token
Connector Sync Time
Customer Domain URL
Date Joined
Email
First Login
Full Name
Id
Is Email Read Only
Is Email Verified
Is Full Name Read Only
Is Groups Read Only
Is System
Is Two Fa Enabled
Last Login
Lowest Role
Primary Two Fa Method
Scope
Source

Launching the integration

Your integration is in Draft mode until the required mandatory fields are added. When added, click Launch to activate your integration. 

small_blue_link.svg If you selected Cloud as the installation type when creating the integration, see Running an extended integration

small_blue_link.svg If you selected Local as the installation type when creating the integration, see Running an extended integration locally.

Viewing data ingested by Oomnitza

Viewing ingested asset data

For asset integrations, click Hardware. If the asset integration also ingests software data, click Software.

Viewing ingested user data

For user integrations, click People. If you chose the option to ingest User and SaaS user data, click Software > SaaS, click the SaaS app, and then click the Users tab. 

Related Links

Creating user workflows

To reduce your workload and automate complex and repetitive tasks, you can create user workflows with the API block by following the steps in Using the API block. When creating the user workflows with the API block for SentinelOne, the following specific configuration is required:

  • To locate the available presets, enter SentinelOne in the Select Preset search field. The SentinelOne API block workflow comes with the following presets:

    SentinelOne Delete User
    SentinelOne Disable 2FA for User
    SentinelOne Enable 2FA for User
    SentinelOne Update 2FA for User
    SentinelOne Get User Details
    SentinelOne Resend Recovery Email Code to User
    SentinelOne Send Users Recovery Code

  • In the Configure section, enter the following details:
    1. The SentinelOne URL, if it was not already added as a global variable. For further information, refer to Setting the SentinelOne URL as a global variable.
    2. Your SentinelOne Credentials that you created in Updating the credentials. 

articles_icon.svg Reference articles for workflows

Creating SaaS user workflows

You can create a Saas User workflow in Oomnitza using the SentinelOne User Role preset. This preset supplies you with the Role of your SaaS users.

Prerequisites

Before you create a SaaS user workflow, you should have already run your extended user integration and selected User plus SaaS User to populate the software entry in the Software > SaaS menu.

To create a Saas User workflow using the SentinelOne User Role preset, complete the following steps:

  1. Click Configuration > Workflows > Saas Users from the menu.
  2. Click Add (+). The Begin and End blocks are automatically added to the sandbox.
  3. Enter the name and a description of the workflow. 
  4. Edit the Begin block by adding the rules that will trigger the workflow. For further information see SaaS User Roles.
  5. Click the Blocks tab, and drag and drop the SaaS User Role retrieval block onto the canvas.
  6. Click the Edit icon.
  7. Enter SentinelOne in the search field and choose the SentinelOne User Role preset.
  8. Click the right arrow >.
  9. Supply the SentinelOne URL, if it was not already added as a global variable. For further information, refer to Setting the SentinelOne URL as a global variable.
  10. Supply the SentinelOne Credentials that you created in Updating the credentials. 
  11. Select the Deactivate User checkbox to deactivate the SaaS user in SaaS > SentinelOne > Users if they are not found in your SentinelOne instance.
  12. Click SAVE.
  13. Connect the blocks.
  14. Save, validate, and activate your workflow.

To view active SentinelOne users in the SaaS Users UI, complete the following steps:

  1. Click Software from the menu.
  2. Select the Saas tab, and select your software entry for SentinelOne.
  3. In the SentinelOne window, select the Users tab.
  4. The Role column will be populated with that the user details to confirm that this user has been found in your SentinelOne SaaS.

Tip
Run the Delete User workflow in conjunction with the User role preset to help you remove users that are deactivated in SaaS > SentinelOne > Users

Reference articles for creating workflows

Unleash the power of Oomnitza

To get valuable actionable insights that help you manage your assets, learn how to:

      • Configure dashboards for your users and software
      • Configure custom reports about your users and software
      • Create workflows to automate tasks

See small_blue_link.svg Getting started

 

Did you know
You can also create extended connector integrations for SentinelOne Assets.
small_blue_link.svg Extended Integration for SentinelOne Assets

Related articles

Comments

0 comments

Please sign in to leave a comment.