Skip to content

CrowdStrike Onboarding

Follow these steps to connect your CrowdStrike environment with SailPoint Entro.

Prerequisites

  • CrowdStrike administrator access

  • Access to Support and Resources → API Clients and Keys

  • Generated Client ID and Client Secret

Step‑by‑Step Configuration

  1. Log in to CrowdStrike Falcon Console

    Log in as an administrator.

  2. Open API Clients and Keys

    Navigate to Support and Resources → API Clients and Keys.

  3. Create API Client

    Click Create API Client in the top‑right corner.

  4. Name the Client

    Under Client Name, enter Entro Security Integration.

  5. Assign Scopes

    Assign the following scopes:

    • Hosts – Read

    • Real-Time Response – Read

    • Identity Protection (GraphQL) – Write

    • Identity Protection Entities – Read

    • Identity Protection Detections – Read

    • Identity Protection Timeline – Read

    • NGSIEM - Read & Write

    If you want to enable endpoint secrets scanning, include the following optional scopes:

    • Real time response (admin) – Write

    • Real-Time Response – Read & Write

    Important

    For Identity Protection, you must explicitly enable the GraphQL permission in CrowdStrike. When creating the API client and selecting the Identity Protection scope, ensure the GraphQL option is checked.

  6. Create and copy credentials

    Click Create and copy both Client ID and Client Secret values.

  7. Add CrowdStrike account in SailPoint Entro

    In SailPoint Entro, go to Management → Accounts & Integrations → Add New Account → CrowdStrike.

  8. Enter credentials in SailPoint Entro

    Paste the credentials into the onboarding form fields:

    • Nickname: Name of this integration instance

    • Client ID: From previous step

    • Client Secret: From previous step

    • Worker Group (Connector): Select appropriate group

  9. Connect and verify

    Click Connect. The status should display Verified once validated.

Security & Compliance Notes

  • SailPoint Entro performs read‑only API calls.

  • All secrets are encrypted with AES‑256.

  • TLS 1.2+ required.