Configure and Authenticate Cloud Apps
Each Cloud App requires a different set of credentials for authentication. When you configure authentication for an app, you must set specific values for application and authn-data.
In addition, refer to the following guidelines for configuring and authenticating Cloud Apps.
A field value marked as obfuscated means that the returned value is not the clear text that was set: the value is returned in an encrypted form and is no longer visible in clear text. All data is stored encrypted on the backend.
A field value marked as options accepts only the listed values as valid.
A field value marked as multiline indicates that the transported value needs to keep its line breaks, or is expected to be a large chunk of text. This is useful for building client UI forms.
All fields are required, unless explicitly marked as optional.
The following Cloud Apps require specific authentication configurations:
AWS
application: AWS
authn-data:
{ "type":"basic", "fields":[ { "name":"region", "value":"string" }, { "name":"access-key", "value":"string" }, { "name":"secret-key", "value":"string. obfuscated" } ] }
AWS-MultiTenant
application: AWS-MultiTenant
authn-data:
{ "type":"basic", "fields":[ { "name":"sqs-url", "value":"string" }, { "name":"sqs-region", "value":"string" }, { "name":"s3-region", "value":"string" }, { "name":"access-key", "value":"string" }, { "name":"secret-key", "value":"string. obfuscated" } ] }
Azure
application: Azure
authn-data:
{ "type":"oauth2", "fields":[ { "name":"client-id", "value":"string" }, { "name":"client-secret", "value":"string. obfuscated" }, { "name":"tenant-id", "value":"string" } ] }
Box
application: Box
authn-data:
{ "type":"JWT", "fields":[ { "name":"jwt-json", "value":"string <JSON>" } ] }
Duo
application: DUO
authn-data:
{ "type":"basic", "fields":[ { "name":"API hostname", "value":"string" }, { "name":"Integration key", "value":"string" }, { "name":"Secret key", "value":"string. obfuscated." } ] }
Google Apps
application: Google Apps
authn-data:
{ "type":"service-account", "fields":[ { "name":"service-credentials-json", "value":"json object" }, { "name":"admin-username", "value":"string" }, { "name":"api-scopes", "value":"string. default: https://www.googleapis.com/auth/admin.directory.group,https://www.googleapis.com/auth/admin.directory.user,https://www.googleapis.com/auth/admin.directory.rolemanagement,https://www.googleapis.com/auth/admin.directory.orgunit,https://www.googleapis.com/auth/admin.reports.audit.readonly,https://www.googleapis.com/auth/apps.alerts" } ] }
Important: The API scopes MUST be the exact same set of scopes authorized for the service account in the Google Admin console.
Google Cloud Platform (GCP)
application: Google Cloud Platform (GCP)
authn-data:
{ "type":"basic", "fields":[ { "name":"service-credentials-json", "value":"string. multiline." } ] }
Office 365
application: Office 365
authn-data:
{ "type":"oauth2", "fields":[ { "name":"client-id", "value":"string" }, { "name":"client-secret", "value":"string. obfuscated" }, { "name":"tenant-id", "value":"string" }, { "name":"username", "value":"string. optional" }, { "name":"password", "value":"string. obfuscated. optional" } ] }
Office 365 also requires additional authentication data for exposed files data.
authn-data:
{ "name":"certificate", "value":"string for certificate (public key) of X.509 certificate" }, { "name":"private-key", "value":"string for private key of X.509 certificate" }
Okta
application: Okta
authn-data:
{ "type":"basic", "fields":[ { "name":"url", "value":"string" }, { "name":"api-token", "value":"string. obfuscated" } ] }
OneLogin
application: OneLogin
authn-data:
{ "type":"basic", "fields":[ { "name":"region", "value":"string. options"[ "eu", "us" ] }, { "name":"client-id", "value":"string" }, { "name":"client-secret", "value":"string. obfuscated." } ] }
Salesforce
application: "Sales Cloud"
authn-data:
{ "type":"service-account", "fields":[ { "name":"service-credentials-json", "value":"JSON object" }, { "name":"admin-username", "value":"string", "username of an admin having permission to view admin activity report" }, { "name":"api-scopes", "value":"string", "scopes list", "comma delimited (has default value hence optional)" } ] }
ServiceNow
application: ServiceNow
authn-data:
{ "type":"basic", "fields":[ { "name":"hostname", "value":"string" }, { "name":"username", "value":"string" }, { "name":"password", "value":"string. obfuscated" }, { "name":"time-zone", "value":"string" } ] }
Private Application
application: Private Application
authn-data:
There are two possible authentication sets, depending on the storage method:
For type local-directory:
{ "type":"basic", "fields":[ { "name":"url", "value":"string" }, { "name":"api-token", "value":"string. obfuscated" } ] }
For type azure-shared-access-signature:
{ "type":"azure-shared-access-signature", "fields":[ { "name":"application-name", "value":"string" }, { "name":"shared-access-signature", "value":"string. obfuscated" } ] }
Custom Application
application: Custom Application
authn-data:
{ "type":"s3-sqs-authn-type", "fields":[ { "name":"access-key", "value":"string" }, { "name":"secret", "value":"string. obfuscated" }, { "name":"s3-region", "value":"string" }, { "name":"sqs-region", "value":"string" }, { "name":"sqs-url", "value":"string" }, { "name":"processor", "value":"string. options"[ "Windows Security Events", "Duo Events", "Pulse VPN Events", "Windows Events", "Bluecoat Proxy Events" ] } ] }
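The following is an added example, not part of the product documentation or its client code: a pre-submission check that applies the obfuscated, options and optional markers described above to a filled-in authn-data object, and masks obfuscated fields before the object is written to a log. It uses the OneLogin and Office 365 templates from this page; the function names and the sample values are constructed for illustration.

```python
# Templates transcribed from this page: field name -> marker string.
TEMPLATES = {
    "OneLogin": {"type": "basic", "fields": {
        "region": "string. options", "client-id": "string",
        "client-secret": "string. obfuscated."}},
    "Office 365": {"type": "oauth2", "fields": {
        "client-id": "string", "client-secret": "string. obfuscated",
        "tenant-id": "string", "username": "string. optional",
        "password": "string. obfuscated. optional"}},
}
OPTIONS = {("OneLogin", "region"): ["eu", "us"]}  # listed values from the page

def markers(spec):
    """Split 'string. obfuscated. optional' into {'obfuscated', 'optional'}."""
    return {p.strip() for p in spec.split(".")[1:] if p.strip()}

def validate(application, authn_data):
    """Return a list of problems; an empty list means the object fits the template."""
    tmpl = TEMPLATES[application]
    problems = []
    if authn_data.get("type") != tmpl["type"]:
        problems.append(f"type must be {tmpl['type']!r}")
    given = {f["name"]: f["value"] for f in authn_data.get("fields", [])}
    for name, spec in tmpl["fields"].items():
        m = markers(spec)
        if name not in given:
            if "optional" not in m:  # all fields are required unless marked optional
                problems.append(f"missing required field {name!r}")
        elif "options" in m and given[name] not in OPTIONS[(application, name)]:
            problems.append(f"{name!r} must be one of {OPTIONS[(application, name)]}")
    problems += [f"unknown field {n!r}" for n in given if n not in tmpl["fields"]]
    return problems

def redact(application, authn_data):
    """Copy of authn_data for logs: obfuscated and unknown fields are masked."""
    specs = TEMPLATES[application]["fields"]
    out = []
    for f in authn_data["fields"]:
        spec = specs.get(f["name"])
        hide = spec is None or "obfuscated" in markers(spec)  # fail closed
        out.append({"name": f["name"], "value": "***" if hide else f["value"]})
    return {"type": authn_data["type"], "fields": out}

# Constructed sample values, not real credentials.
SAMPLE = {"type": "basic", "fields": [
    {"name": "region", "value": "ap"},
    {"name": "client-id", "value": "example-client-id"},
    {"name": "client-secret", "value": "example-secret"}]}
```

Masking on the client side complements the server behaviour described above: the API hides obfuscated values in responses, but the request body a client builds still holds them in clear text.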