Sync CrowdStrike with Oomnitza to gain visibility of CrowdStrike users as data from CrowdStrike is transformed into consumable information and actionable insights.
Before you start
To easily find the records that are uploaded to Oomnitza, it's best practice to create a dedicated user account for each integration. This will make it easier for you to retrieve the records that are uploaded to Oomnitza from the vendor application.
Before you create the integration with Oomnitza:
Add your CrowdStrike credentials to Oomnitza
Add the value of your cloud environment as a global variable.
Adding your CrowdStrike OAuth credentials to Oomnitza
To add your credentials, you must retrieve the following information from CrowdStrike:
- CrowdStrike cloud environment. You enter the same value that you enter for the global variable. For example, if your base URL is https://api.us-2.crowdstrike.com, you enter api.us-2.crowdstrike as the value.
- Client ID and client secret
Retrieving the information from CrowdStrike
- Log in to the Falcon UI.
- Go to Support > API Clients and Keys.
- Click Add new API Client.
- Enter a name.
- Select the Hosts (Read) and Host Groups (Read) scopes for the asset integration. If you plan to run asset workflows, you must also have Write access.
- Select the User management (Read) scope for the user integration and SaaS workflow. If you plan to run one or more of the following user workflows, you must also have Write access: CrowdStrike Change User Name, CrowdStrike Change User Roles, CrowdStrike Delete User, and CrowdStrike Remove User Role.
- Click Save. Make sure you copy the base URL, client ID, and secret.
See CrowdStrike Authentication Guide
Important
The required API scope to get users from CrowdStrike Falcon to Oomnitza is Read for User management. You need to select Write for User management to run any of the following workflows: CrowdStrike Change User Name, CrowdStrike Change User Roles, CrowdStrike Delete User, and CrowdStrike Remove User Role.
Make life easier and add your credentials to Oomnitza before you create the integration.
- In Oomnitza, click Configuration > Security > Credentials.
- Click Add new credential (+).
- Search for the integration, and then click the forward arrow > to select the integration.
- Enter your client credentials and any other additional information.
- Click Authenticate. You are prompted to log in to authorize your request.
- Click CREATE.
Before you can create the integration with Oomnitza, you need to have added your CrowdStrike credentials to Oomnitza and added the value for your cloud environment as a global variable. For further information, refer to Adding your CrowdStrike credentials to Oomnitza.
Adding your CrowdStrike cloud environment as a global variable
Add the value as a global variable so that when you create workflows that use presets the variable is automatically added. See Adding global settings.
The name of the variable is CrowdStrike Falcon.Api Domain.
To enter the value for CrowdStrike Falcon.Api Domain, you trim the prefix https:// and the suffix .com from the base URL. Let's say your base URL is https://api.us-2.crowdstrike.com; you enter api.us-2.crowdstrike as the value.
CrowdStrike base URLs might change or new base URLs might be added. The source of truth is the CrowdStrike Falcon Wiki. To check out the base URLs, go to the Glossary of Terms, and open the Base URL page.
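The trimming rule above can be checked before the value is saved, so that a mistyped or pasted value does not point the stored client credentials at an unintended host. This is an added example, not Oomnitza or CrowdStrike code; the function names are hypothetical, and the check that the host sits under crowdstrike.com is an assumption based on the example base URL on this page.

```python
from urllib.parse import urlsplit

# Assumption: API hosts sit under crowdstrike.com, as in the page's example base URL.
EXPECTED_SUFFIX = ".crowdstrike.com"


def api_domain_value(base_url: str) -> str:
    """Derive the 'CrowdStrike Falcon.Api Domain' value from a base URL."""
    # Tolerate copy-paste debris around the URL (spaces, trailing commas or slashes).
    cleaned = base_url.strip().rstrip(",/ ")
    parts = urlsplit(cleaned)
    if parts.scheme != "https":
        raise ValueError("base URL must start with https://")
    # A base URL is a bare host: no userinfo, port, path, query or fragment.
    if (parts.username or parts.password or parts.port
            or parts.path or parts.query or parts.fragment):
        raise ValueError("base URL must contain only the host name")
    host = (parts.hostname or "").lower()
    if not host.endswith(EXPECTED_SUFFIX):
        raise ValueError(f"unexpected host: {host!r}")
    # Trim the .com suffix; the https:// prefix is already gone.
    return host[: -len(".com")]


def is_valid_stored_value(value: str) -> bool:
    """Check a value already stored in the global variable.

    Rebuilds the URL the way the page describes (https:// + value + .com)
    and confirms it round-trips to the same value. This catches a full URL
    or a host that still ends in .com pasted into the variable.
    """
    try:
        return api_domain_value(f"https://{value}.com") == value
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample inputs; the first is the example from this page.
    for candidate in ("https://api.us-2.crowdstrike.com, ",
                      "https://api.us-2.crowdstrike.com.example.net"):
        try:
            print(candidate, "->", api_domain_value(candidate))
        except ValueError as err:
            print(candidate, "-> rejected:", err)
```
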
Creating the user integration
- In Oomnitza, click Configuration > Integrations > Overview.
- Click Block view.
- On the Integrations page, scroll down to the Extended section for user integrations.
- Click NEW INTEGRATION.
- In the sidebar, search for the integration.
- Click ADD.
Integration details overview
More information is provided about the following fields to help you complete the integration:
- User only. Add user records.
- User plus SaaS user. Add user and SaaS user records.
The benefit of adding SaaS user records is that you can run a workflow to validate the status and activity of SaaS users and retrieve information such as the role of the SaaS user. The information that can be retrieved depends on whether SaaS user workflows are available for the integration.
Installation types
- Cloud. Store credentials in the Oomnitza cloud.
- Local. Store credentials locally. If you want to sync Oomnitza with vendor applications that require AWS or OAuth authentication, select Cloud as the type of installation. Local installations don't support AWS and OAuth authentication.
Integration preferences
- Create & Update. Add and update records.
- Create only. Add records.
- Update only. Update records.
Editing the integration details
When you edit the Integration details section, you can select the name or names of integration contacts. Integration contacts receive an in-app notification and an email when the integration fails, when the integration fails to complete within 24 hours, or when the scheduled integration fails to run.
- Click Edit.
- Make your changes.
Editing the credential details
If you selected Cloud as the installation type, choose one of the following options:
- Select the credentials that were created for the integration.
- Edit the credentials that were created for the integration.
- Create new credentials
Scheduling the integration
By default, data is synced once every day. Change the interval or the time so that the data is streamed when your system isn't busy.
- Click Edit.
- Make and save your changes.
Mapping fields to Oomnitza
To map the fields to Oomnitza, click Edit.
Select Edit integration to add rules for syncing data. See Filtering integration results.
You can add new fields to your integration by selecting Add new field on the mapping page. See Creating custom API fields.
Complete these actions:
- Click Smart Mapping to automatically detect appropriate mapping fields. Values from the integration can also be dragged to the appropriate field on the Oomnitza side, or selected from the integration field dropdown.
- Create a custom mapping for the CrowdStrike User ID. Complete the following steps:
  - Click the down arrow on the UUID field.
  - Select Add new Oomnitza users field.
  - Change the name of the field to CrowdStrike User ID.
  - Select the Unique checkbox.
  - Click CREATE.
- Ensure that the Email is mapped to the following fields:
  - Username field on the Oomnitza side (required for integration).
  - Email field on the Oomnitza side (required for integration).
- Select the Role field on the Oomnitza mapping side.
- Choose a suitable role from the list (a defined role is necessary for the integration)
- Assign a sync key to a unique field, such as the Email.
- Click UPDATE.
Tracking information for user loads
When the integration is run, you can track the name of the credentials that were used and the source of the data. To do this, you map the following fields to Oomnitza:
- Connect: Credentials
- Connect: CrowdStrike Cloud Environment
Standard CrowdStrike to Oomnitza User Load mappings
- Connector Sync Time
- Customer ID
- First Name
- Last Name
- UUID
Launching the integration
Your integration is in Draft mode until the required mandatory fields are added. When added, click Launch to activate your integration.
If you selected Cloud as the installation type when creating the integration, see Running an extended integration.
If you selected Local as the installation type when creating the integration, see Running an extended integration locally.
Viewing data ingested by Oomnitza
Viewing ingested asset data
For asset integrations, click Hardware. If the asset integration also ingests software data, click Software.
Viewing ingested user data
For user integrations, click People. If you chose the option to ingest User and SaaS user data, click Software > SaaS, click the SaaS app, and then click the Users tab.
Creating user workflows
To reduce costs by automating repetitive and complex tasks, take advantage of the built-in presets for assets.
To add a preset to a workflow, complete these steps:
- Click Configuration > Workflows
- Click Add (+) and select People from the list.
- Edit the Begin Block and add rules to trigger the workflow. For example, if you set the Actions to Schedule and add a rule so that the Email Equals <EmployeeEmail> you can trigger a workflow to fetch a user matching a certain name on a specific date. Refer to Using the Begin block.
- Drag and drop the API block onto the Sandbox.
- Click Edit on the API block and enter CrowdStrike in the search field.
- Select a preset from the list below. To choose a preset, click the forward arrow (>).
  - CrowdStrike Change User Name
  - CrowdStrike Change User Roles
  - CrowdStrike Delete User
  - CrowdStrike Remove User Role
- Select the credentials that you created for CrowdStrike.
- Enter any mandatory information when prompted.
- Select Advanced Mode.
- Select the Information tab. You will notice that the User ID is referenced in the property {{crowdstrike_user_id}}. Follow the mapping steps when creating the user integration so that this property exists in Oomnitza and is populated with information before you run this workflow.
- Select the Response tab. You can map the entire response by placing {{response}} in the Response field and mapping it to a custom long text Oomnitza field, such as API Response. Once you have the entire response, you can then parse the JSON response values to custom Oomnitza fields.
- Connect the Blocks.
- Validate, launch, and save your workflow.
Create SaaS user workflows
You can create a SaaS User workflow in Oomnitza using the CrowdStrike User Role preset. You can use this preset to get the Role information of all users in a CrowdStrike instance.
Prerequisites
Before you create a SaaS user workflow, you should have already run your extended user integration and selected User plus SaaS User to populate the CrowdStrike software entry in the Software > SaaS menu.
To create a SaaS User workflow using the CrowdStrike Role preset, complete the following steps:
- Click Configuration > Workflows > SaaS Users from the menu.
- Click Add (+). The Begin and End blocks are automatically added to the sandbox.
- Enter the name and a description of the workflow.
- Edit the Begin block by adding the rules that will trigger the workflow. For further information see SaaS User Roles.
- Click the Blocks tab, and drag and drop the SaaS User Role retrieval block onto the canvas.
- Click the Edit icon.
- Enter CrowdStrike in the search field and choose the CrowdStrike User Role preset.
- Click the right arrow >.
- Enter your Credentials.
- Select the Deactivate User checkbox to deactivate the SaaS user in SaaS > CrowdStrike > Users if they are not found in your CrowdStrike instance.
- Click SAVE.
- Connect the blocks.
- Validate, launch, and save your workflow.
To view active CrowdStrike users in the SaaS Users UI, complete the following steps:
- Click Software from the menu.
- Select the SaaS tab, and select your software entry for CrowdStrike.
- Click Users in the side pane.
- The Role column will be populated to confirm that this user has been found in your CrowdStrike SaaS.