diff --git a/public/__redirects b/public/__redirects index ed428da448a652d..50c81f147c08cc8 100644 --- a/public/__redirects +++ b/public/__redirects @@ -2390,7 +2390,7 @@ /cloudflare-one/policies/access/* /cloudflare-one/access-controls/policies/:splat 301 /cloudflare-one/identity/one-time-pin/ /cloudflare-one/integrations/identity-providers/one-time-pin/ 301 /cloudflare-one/identity/idp-integration/* /cloudflare-one/integrations/identity-providers/:splat 301 - +/cloudflare-one/identity/devices/service-providers/* /cloudflare-one/integrations/service-providers/:splat 301 # Learning paths diff --git a/src/content/docs/cloudflare-one/changelog/risk-score.mdx b/src/content/docs/cloudflare-one/changelog/risk-score.mdx index f8e4a62795f4372..5862ba232811df7 100644 --- a/src/content/docs/cloudflare-one/changelog/risk-score.mdx +++ b/src/content/docs/cloudflare-one/changelog/risk-score.mdx @@ -17,4 +17,4 @@ import { ProductChangelog, Render } from "~/components"; **SentinelOne signal ingestion** -You can now configure a [predefined risk behavior](/cloudflare-one/insights/risk-score/#predefined-risk-behaviors) to evaluate user risk score using device posture attributes from the [SentinelOne integration](/cloudflare-one/identity/devices/service-providers/sentinelone/). +You can now configure a [predefined risk behavior](/cloudflare-one/insights/risk-score/#predefined-risk-behaviors) to evaluate user risk score using device posture attributes from the [SentinelOne integration](/cloudflare-one/integrations/service-providers/sentinelone/). diff --git a/src/content/docs/cloudflare-one/identity/devices/access-integrations/tanium.mdx b/src/content/docs/cloudflare-one/identity/devices/access-integrations/tanium.mdx index 1b726dfb9d1888b..26d6e6cdfde0a4b 100644 --- a/src/content/docs/cloudflare-one/identity/devices/access-integrations/tanium.mdx +++ b/src/content/docs/cloudflare-one/identity/devices/access-integrations/tanium.mdx 
@@ -11,7 +11,7 @@ head: import { Render } from "~/components"; :::note -Not recommended for new deployments. We recommend using the [Tanium service-to-service integration](/cloudflare-one/identity/devices/service-providers/taniums2s/) to get device posture signals from Tanium. +Not recommended for new deployments. We recommend using the [Tanium service-to-service integration](/cloudflare-one/integrations/service-providers/taniums2s/) to get device posture signals from Tanium. ::: Cloudflare Access can use endpoint data from [Tanium™](https://www.tanium.com/) to determine if a request should be allowed to reach a protected resource. When users attempt to connect to a resource protected by Access with a Tanium rule, Cloudflare Access will validate the user's identity, and the browser will connect to the Tanium agent before making a decision to grant access. diff --git a/src/content/docs/cloudflare-one/identity/devices/index.mdx b/src/content/docs/cloudflare-one/identity/devices/index.mdx index 72abcb60fa5206a..282f70254dc6752 100644 --- a/src/content/docs/cloudflare-one/identity/devices/index.mdx +++ b/src/content/docs/cloudflare-one/identity/devices/index.mdx 
@@ -14,7 +14,7 @@ With Cloudflare Zero Trust, you can configure Zero Trust policies that rely on a Setup instructions and requirements vary depending on the device posture attribute. Refer to the links below to view the setup guide for your provider. - [WARP client checks](/cloudflare-one/identity/devices/warp-client-checks/) are performed by the Cloudflare WARP client. -- [Service-to-service checks](/cloudflare-one/identity/devices/service-providers/) are performed by third-party device posture providers. +- [Service-to-service checks](/cloudflare-one/integrations/service-providers/) are performed by third-party device posture providers. - [Access integration checks](/cloudflare-one/identity/devices/access-integrations/) are only configurable for Access applications. These attributes cannot be used in Gateway policies. ## 2. Verify device posture checks 
@@ -37,7 +37,7 @@ Gateway does not support device posture checks for the [Tanium Access integratio ## 4. Ensure traffic is going through WARP -[WARP client](/cloudflare-one/identity/devices/warp-client-checks/) and [service-to-service](/cloudflare-one/identity/devices/service-providers/) posture checks rely on traffic going through WARP to detect posture information for a device. In your [Split Tunnel configuration](/cloudflare-one/team-and-resources/devices/warp/configure-warp/route-traffic/split-tunnels/), ensure that the following domains are included in WARP: +[WARP client](/cloudflare-one/identity/devices/warp-client-checks/) and [service-to-service](/cloudflare-one/integrations/service-providers/) posture checks rely on traffic going through WARP to detect posture information for a device. In your [Split Tunnel configuration](/cloudflare-one/team-and-resources/devices/warp/configure-warp/route-traffic/split-tunnels/), ensure that the following domains are included in WARP: - The IdP used to authenticate to Cloudflare Zero Trust if posture check is part of an Access policy. - `.cloudflareaccess.com` if posture check is part of an Access policy. 
@@ -77,4 +77,4 @@ By default, the WARP client polls the device for status changes every five minut #### Service provider checks -When setting up a [service-to-service integration](/cloudflare-one/identity/devices/service-providers/), you will choose a polling frequency to determine how often Cloudflare will query the third-party API. To set the polling frequency via the API, use the [`interval`](/api/resources/zero_trust/subresources/devices/subresources/posture/subresources/integrations/methods/edit/) parameter. +When setting up a [service-to-service integration](/cloudflare-one/integrations/service-providers/), you will choose a polling frequency to determine how often Cloudflare will query the third-party API. To set the polling frequency via the API, use the [`interval`](/api/resources/zero_trust/subresources/devices/subresources/posture/subresources/integrations/methods/edit/) parameter. diff --git a/src/content/docs/cloudflare-one/identity/devices/service-providers/index.mdx b/src/content/docs/cloudflare-one/identity/devices/service-providers/index.mdx deleted file mode 100644 index 37429fb4a363a3f..000000000000000 --- a/src/content/docs/cloudflare-one/identity/devices/service-providers/index.mdx +++ /dev/null 
@@ -1,27 +0,0 @@ ---- -pcx_content_type: navigation -title: Service providers -sidebar: - order: 2 ---- - -Service-to-service integrations allow the WARP client to get device posture data from a third-party API. To use this feature, you must [deploy the WARP client](/cloudflare-one/team-and-resources/devices/warp/deployment/) to your devices and enable the desired posture checks. - -## Supported WARP modes - -- Gateway with WARP -- Secure Web Gateway without DNS filtering -- Device Information Only - -## Supported operating systems - -| Device posture check | macOS | Windows | Linux | iOS | Android/ChromeOS | -| ------------------------------------------------------------------------------------------- | ----- | ------- | ----- | --- | ---------------- | -| [Custom integration](/cloudflare-one/identity/devices/service-providers/custom/) | ✅ | ✅ | ✅ | ✅ | ✅ | -| [Crowdstrike](/cloudflare-one/identity/devices/service-providers/crowdstrike/) | ✅ | ✅ | ✅ | ❌ | ❌ | -| [Kolide](/cloudflare-one/identity/devices/service-providers/kolide/) | ✅ | ✅ | ✅ | ❌ | ❌ | -| [Microsoft Endpoint Manager](/cloudflare-one/identity/devices/service-providers/microsoft/) | ✅ | ✅ | ❌ | ❌ | ❌ | -| [SentinelOne](/cloudflare-one/identity/devices/service-providers/sentinelone/) | ✅ | ✅ | ❌ | ❌ | ❌ | -| [Tanium](/cloudflare-one/identity/devices/service-providers/taniums2s/) | ✅ | ✅ | ✅ | ❌ | ❌ | -| [Uptycs](/cloudflare-one/identity/devices/service-providers/uptycs/) | ✅ | ✅ | ✅ | ❌ | ❌ | -| [Workspace ONE](/cloudflare-one/identity/devices/service-providers/workspace-one/) | ✅ | ✅ | ✅ | ❌ | ❌ | diff --git a/src/content/docs/cloudflare-one/identity/index.mdx b/src/content/docs/cloudflare-one/identity/index.mdx index 0c6305af2a8b341..098ce3be2f0ea4a 100644 --- a/src/content/docs/cloudflare-one/identity/index.mdx +++ b/src/content/docs/cloudflare-one/identity/index.mdx 
@@ -3,16 +3,10 @@ pcx_content_type: navigation title: Identity sidebar: order: 4 + group: + hideIndex: true --- -import { DirectoryListing, Render } from "~/components"; - -Cloudflare Zero Trust integrates with your organization's identity provider to apply Zero Trust and Secure Web Gateway policies. If you work with partners, contractors, or other organizations, you can integrate multiple identity providers simultaneously. - -As an alternative to configuring an identity provider, Cloudflare Zero Trust can send a [one-time PIN (OTP)](/cloudflare-one/integrations/identity-providers/one-time-pin/) to approved email addresses. No configuration needed — simply add a user's email address to an [Access policy](/cloudflare-one/access-controls/policies/) and to the group that allows your team to reach the application. - -You can simultaneously configure an OTP and an identity provider to allow users to use their own authentication method. - -Additionally, Cloudflare Zero Trust can integrate with [endpoint protection providers](/cloudflare-one/identity/devices/) to check requests for device posture. This allows you to configure security policies that rely on additional signals from endpoint security providers to allow or deny connections to your applications. +import { DirectoryListing} from "~/components"; diff --git a/src/content/docs/cloudflare-one/insights/logs/posture-logs.mdx b/src/content/docs/cloudflare-one/insights/logs/posture-logs.mdx index 31eed4b2814351c..e9e0eebb15fd403 100644 --- a/src/content/docs/cloudflare-one/insights/logs/posture-logs.mdx +++ b/src/content/docs/cloudflare-one/insights/logs/posture-logs.mdx 
@@ -37,7 +37,7 @@ Enterprise users can generate more detailed logs with [Logpush](/cloudflare-one/ | Field | Description | | ------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | **Name** | Name of the [device posture check](/cloudflare-one/identity/devices). | -| **Type** | Type of [WARP client check](/cloudflare-one/identity/devices/warp-client-checks/) or [service provider check](/cloudflare-one/identity/devices/service-providers/). | +| **Type** | Type of [WARP client check](/cloudflare-one/identity/devices/warp-client-checks/) or [service provider check](/cloudflare-one/integrations/service-providers/). | | **Rule ID** | UUID of the device posture check. | | **Conditions met** | Whether the device passed or failed the posture check criteria. Evaluates to `true` if the **Received values** match the **Expected values**. | | **Expected values** | Values required to pass the device posture check. | diff --git a/src/content/docs/cloudflare-one/insights/risk-score.mdx b/src/content/docs/cloudflare-one/insights/risk-score.mdx index 8a82682487fbeca..ea2967d1d116a17 100644 --- a/src/content/docs/cloudflare-one/insights/risk-score.mdx +++ b/src/content/docs/cloudflare-one/insights/risk-score.mdx 
@@ -54,7 +54,7 @@ By default, all predefined behaviors are disabled. When a behavior is enabled, Z | -------------------------------------- | ----------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | Impossible travel | [A configured Access application](/cloudflare-one/applications/) | User has a successful login from two different locations that they could not have traveled between in that period of time. Matches will appear in your [Access audit logs](/cloudflare-one/insights/logs/audit-logs/). | | High number of DLP policies triggered | [A configured DLP profile](/cloudflare-one/data-loss-prevention/dlp-profiles/) | User has created a high number of DLP policy matches within a narrow frame of time. Matches will appear in your [Gateway activity logs](/cloudflare-one/insights/logs/gateway-logs/). | -| SentinelOne threat detected on machine | [SentinelOne service provider integration](/cloudflare-one/identity/devices/service-providers/sentinelone/) | SentinelOne returns one or more configured [device posture attributes](/cloudflare-one/identity/devices/service-providers/sentinelone/#device-posture-attributes) for a user. | +| SentinelOne threat detected on machine | [SentinelOne service provider integration](/cloudflare-one/integrations/service-providers/sentinelone/) | SentinelOne returns one or more configured [device posture attributes](/cloudflare-one/integrations/service-providers/sentinelone/#device-posture-attributes) for a user. | ## Manage risk behaviors diff --git a/src/content/docs/cloudflare-one/integrations/identity-providers/index.mdx b/src/content/docs/cloudflare-one/integrations/identity-providers/index.mdx index c6e920f68dcbd5c..03e9f8460cdfd14 100644 
--- a/src/content/docs/cloudflare-one/integrations/identity-providers/index.mdx +++ b/src/content/docs/cloudflare-one/integrations/identity-providers/index.mdx @@ -7,7 +7,10 @@ tags: import { Render } from "~/components"; -Cloudflare Zero Trust allows you to integrate your organization's identity providers (IdPs) with Cloudflare Access. Your team can simultaneously use multiple providers, reducing friction when working with partners or contractors. + +Cloudflare Zero Trust integrates with your organization's identity provider to apply Zero Trust and Secure Web Gateway policies. If you work with partners, contractors, or other organizations, you can integrate multiple identity providers simultaneously. + +As an alternative to configuring an identity provider, Cloudflare Zero Trust can send a [one-time PIN (OTP)](/cloudflare-one/integrations/identity-providers/one-time-pin/) to approved email addresses. No configuration needed — simply add a user's email address to an [Access policy](/cloudflare-one/access-controls/policies/) and to the group that allows your team to reach the application. You can simultaneously configure an OTP and an identity provider to allow users to use their own authentication method. Adding an identity provider as a login method requires configuration both in [Zero Trust](https://one.dash.cloudflare.com) and with the identity provider itself. Consult our IdP-specific documentation to learn more about what you need to set up. diff --git a/src/content/docs/cloudflare-one/identity/devices/service-providers/crowdstrike.mdx b/src/content/docs/cloudflare-one/integrations/service-providers/crowdstrike.mdx similarity index 98% rename from src/content/docs/cloudflare-one/identity/devices/service-providers/crowdstrike.mdx rename to src/content/docs/cloudflare-one/integrations/service-providers/crowdstrike.mdx index 316ae2c47af2daf..5af9c16a17efa6d 100644 --- a/src/content/docs/cloudflare-one/identity/devices/service-providers/crowdstrike.mdx 
+++ b/src/content/docs/cloudflare-one/integrations/service-providers/crowdstrike.mdx @@ -24,7 +24,7 @@ Device posture with Crowdstrike requires: product="cloudflare-one" params={{ name: "Service providers", - link: "/cloudflare-one/identity/devices/service-providers/", + link: "/cloudflare-one/integrations/service-providers/", }} /> diff --git a/src/content/docs/cloudflare-one/identity/devices/service-providers/custom.mdx b/src/content/docs/cloudflare-one/integrations/service-providers/custom.mdx similarity index 100% rename from src/content/docs/cloudflare-one/identity/devices/service-providers/custom.mdx rename to src/content/docs/cloudflare-one/integrations/service-providers/custom.mdx diff --git a/src/content/docs/cloudflare-one/integrations/service-providers/index.mdx b/src/content/docs/cloudflare-one/integrations/service-providers/index.mdx new file mode 100644 index 000000000000000..216029449965b80 --- /dev/null +++ b/src/content/docs/cloudflare-one/integrations/service-providers/index.mdx 
@@ -0,0 +1,27 @@ +--- +pcx_content_type: navigation +title: Service providers +sidebar: + order: 3 +--- + +Service-to-service integrations allow the WARP client to get device posture data from a third-party API. To use this feature, you must [deploy the WARP client](/cloudflare-one/team-and-resources/devices/warp/deployment/) to your devices and enable the desired posture checks. + +## Supported WARP modes + +- Gateway with WARP +- Secure Web Gateway without DNS filtering +- Device Information Only + +## Supported operating systems + +| Device posture check | macOS | Windows | Linux | iOS | Android/ChromeOS | +| ------------------------------------------------------------------------------------------- | ----- | ------- | ----- | --- | ---------------- | +| [Custom integration](/cloudflare-one/integrations/service-providers/custom/) | ✅ | ✅ | ✅ | ✅ | ✅ | +| [Crowdstrike](/cloudflare-one/integrations/service-providers/crowdstrike/) | ✅ | ✅ | ✅ | ❌ | ❌ | +| [Kolide](/cloudflare-one/integrations/service-providers/kolide/) | ✅ | ✅ | ✅ | ❌ | ❌ | +| [Microsoft Endpoint Manager](/cloudflare-one/integrations/service-providers/microsoft/) | ✅ | ✅ | ❌ | ❌ | ❌ | +| [SentinelOne](/cloudflare-one/integrations/service-providers/sentinelone/) | ✅ | ✅ | ❌ | ❌ | ❌ | +| [Tanium](/cloudflare-one/integrations/service-providers/taniums2s/) | ✅ | ✅ | ✅ | ❌ | ❌ | +| [Uptycs](/cloudflare-one/integrations/service-providers/uptycs/) | ✅ | ✅ | ✅ | ❌ | ❌ | +| [Workspace ONE](/cloudflare-one/integrations/service-providers/workspace-one/) | ✅ | ✅ | ✅ | ❌ | ❌ | diff --git a/src/content/docs/cloudflare-one/identity/devices/service-providers/kolide.mdx b/src/content/docs/cloudflare-one/integrations/service-providers/kolide.mdx similarity index 95% rename from src/content/docs/cloudflare-one/identity/devices/service-providers/kolide.mdx rename to src/content/docs/cloudflare-one/integrations/service-providers/kolide.mdx index a85c6573f552b76..cc7d2a54d69c8ef 100644 
--- a/src/content/docs/cloudflare-one/identity/devices/service-providers/kolide.mdx +++ b/src/content/docs/cloudflare-one/integrations/service-providers/kolide.mdx @@ -21,7 +21,7 @@ import { Render } from "~/components"; product="cloudflare-one" params={{ name: "Service providers", - link: "/cloudflare-one/identity/devices/service-providers/", + link: "/cloudflare-one/integrations/service-providers/", }} /> diff --git a/src/content/docs/cloudflare-one/identity/devices/service-providers/microsoft.mdx b/src/content/docs/cloudflare-one/integrations/service-providers/microsoft.mdx similarity index 97% rename from src/content/docs/cloudflare-one/identity/devices/service-providers/microsoft.mdx rename to src/content/docs/cloudflare-one/integrations/service-providers/microsoft.mdx index 14cf0b98aa72d2c..6bf457c192dbd15 100644 --- a/src/content/docs/cloudflare-one/identity/devices/service-providers/microsoft.mdx +++ b/src/content/docs/cloudflare-one/integrations/service-providers/microsoft.mdx @@ -24,7 +24,7 @@ Device posture with Microsoft Endpoint Manager requires: product="cloudflare-one" params={{ name: "Service providers", - link: "/cloudflare-one/identity/devices/service-providers/", + link: "/cloudflare-one/integrations/service-providers/", }} /> diff --git a/src/content/docs/cloudflare-one/identity/devices/service-providers/sentinelone.mdx b/src/content/docs/cloudflare-one/integrations/service-providers/sentinelone.mdx similarity index 98% rename from src/content/docs/cloudflare-one/identity/devices/service-providers/sentinelone.mdx rename to src/content/docs/cloudflare-one/integrations/service-providers/sentinelone.mdx index ba5b93869e25cec..74c2b16b931f0b5 100644 --- a/src/content/docs/cloudflare-one/identity/devices/service-providers/sentinelone.mdx +++ b/src/content/docs/cloudflare-one/integrations/service-providers/sentinelone.mdx 
@@ -24,7 +24,7 @@ import { Render } from "~/components"; product="cloudflare-one" params={{ name: "Service providers", - link: "/cloudflare-one/identity/devices/service-providers/", + link: "/cloudflare-one/integrations/service-providers/", }} /> diff --git a/src/content/docs/cloudflare-one/identity/devices/service-providers/taniums2s.mdx b/src/content/docs/cloudflare-one/integrations/service-providers/taniums2s.mdx similarity index 98% rename from src/content/docs/cloudflare-one/identity/devices/service-providers/taniums2s.mdx rename to src/content/docs/cloudflare-one/integrations/service-providers/taniums2s.mdx index 429c58dc2408e06..0dcd0a5fdd1c662 100644 --- a/src/content/docs/cloudflare-one/identity/devices/service-providers/taniums2s.mdx +++ b/src/content/docs/cloudflare-one/integrations/service-providers/taniums2s.mdx @@ -25,7 +25,7 @@ import { Render } from "~/components"; product="cloudflare-one" params={{ name: "Service providers", - link: "/cloudflare-one/identity/devices/service-providers/", + link: "/cloudflare-one/integrations/service-providers/", }} /> diff --git a/src/content/docs/cloudflare-one/identity/devices/service-providers/uptycs.mdx b/src/content/docs/cloudflare-one/integrations/service-providers/uptycs.mdx similarity index 95% rename from src/content/docs/cloudflare-one/identity/devices/service-providers/uptycs.mdx rename to src/content/docs/cloudflare-one/integrations/service-providers/uptycs.mdx index a999c0fa328280c..6d082a84e838f6d 100644 --- a/src/content/docs/cloudflare-one/identity/devices/service-providers/uptycs.mdx +++ b/src/content/docs/cloudflare-one/integrations/service-providers/uptycs.mdx @@ -21,7 +21,7 @@ import { Render } from "~/components"; product="cloudflare-one" params={{ name: "Service providers", - link: "/cloudflare-one/identity/devices/service-providers/", + link: "/cloudflare-one/integrations/service-providers/", }} /> 
diff --git a/src/content/docs/cloudflare-one/identity/devices/service-providers/workspace-one.mdx b/src/content/docs/cloudflare-one/integrations/service-providers/workspace-one.mdx similarity index 97% rename from src/content/docs/cloudflare-one/identity/devices/service-providers/workspace-one.mdx rename to src/content/docs/cloudflare-one/integrations/service-providers/workspace-one.mdx index 51697f5dddd3f73..d52ba1cff89eecc 100644 --- a/src/content/docs/cloudflare-one/identity/devices/service-providers/workspace-one.mdx +++ b/src/content/docs/cloudflare-one/integrations/service-providers/workspace-one.mdx @@ -21,7 +21,7 @@ import { Render } from "~/components"; product="cloudflare-one" params={{ name: "Service providers", - link: "/cloudflare-one/identity/devices/service-providers/", + link: "/cloudflare-one/integrations/service-providers/", }} /> diff --git a/src/content/docs/learning-paths/replace-vpn/build-policies/policy-design.mdx b/src/content/docs/learning-paths/replace-vpn/build-policies/policy-design.mdx index 3744a9609052a68..2e11bc0a9f74a46 100644 --- a/src/content/docs/learning-paths/replace-vpn/build-policies/policy-design.mdx +++ b/src/content/docs/learning-paths/replace-vpn/build-policies/policy-design.mdx 
@@ -37,7 +37,7 @@ If you plan to grant access to services based on group membership, [view the use #### Device posture -Most customers will also build policies that are contingent on the use of a corporate device. For example, all users on corporate devices can access `*.jira.internal.com`, but users on personal devices can only access `dev.internal.jira.com`. In order for this to be effective, we recommend defining a source of truth for your corporate devices. This is sometimes the presence of a specific [issued certificate](/cloudflare-one/identity/devices/warp-client-checks/client-certificate/), the presence of a [process with a matched hash](/cloudflare-one/identity/devices/warp-client-checks/application-check/), or an API integration with a supported [thirty-party endpoint security provider](/cloudflare-one/identity/devices/service-providers/) like Crowdstrike or SentinelOne. +Most customers will also build policies that are contingent on the use of a corporate device. For example, all users on corporate devices can access `*.jira.internal.com`, but users on personal devices can only access `dev.internal.jira.com`. In order for this to be effective, we recommend defining a source of truth for your corporate devices. This is sometimes the presence of a specific [issued certificate](/cloudflare-one/identity/devices/warp-client-checks/client-certificate/), the presence of a [process with a matched hash](/cloudflare-one/identity/devices/warp-client-checks/application-check/), or an API integration with a supported [thirty-party endpoint security provider](/cloudflare-one/integrations/service-providers/) like Crowdstrike or SentinelOne. :::note diff --git a/src/content/docs/reference-architecture/architectures/cloudflare-sase-with-sentinelone.mdx b/src/content/docs/reference-architecture/architectures/cloudflare-sase-with-sentinelone.mdx index 644779f2325b807..792238a6f31d90a 100644 
--- a/src/content/docs/reference-architecture/architectures/cloudflare-sase-with-sentinelone.mdx +++ b/src/content/docs/reference-architecture/architectures/cloudflare-sase-with-sentinelone.mdx @@ -22,7 +22,7 @@ This reference architecture is designed for IT and security professionals who ar Recommended resources for a stronger understanding of Cloudflare's SentinelOne integration: -- [SentinelOne device posture integration](/cloudflare-one/identity/devices/service-providers/sentinelone/) +- [SentinelOne device posture integration](/cloudflare-one/integrations/service-providers/sentinelone/) ## Integration overview @@ -82,7 +82,7 @@ Next, SentinelOne must be configured as a service provider in the Cloudflare Zer - Setting an appropriate polling frequency - Testing the connection to ensure proper communication -Finally, device posture checks must be configured to define the security requirements for access. For detailed setup instructions, refer to [SentinelOne device posture integration](/cloudflare-one/identity/devices/service-providers/sentinelone/). +Finally, device posture checks must be configured to define the security requirements for access. For detailed setup instructions, refer to [SentinelOne device posture integration](/cloudflare-one/integrations/service-providers/sentinelone/). ## Security capabilities diff --git a/src/content/docs/reference-architecture/architectures/sase.mdx b/src/content/docs/reference-architecture/architectures/sase.mdx index 37074dc5e0fab3c..89a63ae4e9a758c 100644 --- a/src/content/docs/reference-architecture/architectures/sase.mdx +++ b/src/content/docs/reference-architecture/architectures/sase.mdx 
@@ -499,7 +499,7 @@ The following built-in posture checks are available: - [Unique Client ID](/cloudflare-one/identity/devices/warp-client-checks/device-uuid/): When using an MDM too, organizations can assign a verifiable UUID to a mobile, desktop, or laptop device - [Device serial number](/cloudflare-one/identity/devices/warp-client-checks/corp-device/): Checks to see if the device serial matches a list of company desktop/laptop computers -Cloudflare One can also integrate with any deployed endpoint security solution, such as [Microsoft Endpoint Manager](/cloudflare-one/identity/devices/service-providers/microsoft/), [Tanium](/cloudflare-one/identity/devices/access-integrations/tanium/), [Carbon Black](/cloudflare-one/identity/devices/warp-client-checks/carbon-black/), [CrowdStrike](/cloudflare-one/identity/devices/service-providers/crowdstrike/), [SentinelOne](/cloudflare-one/identity/devices/warp-client-checks/sentinel-one/), and more. Any data from those products can be passed to Cloudflare for use in access decisions. +Cloudflare One can also integrate with any deployed endpoint security solution, such as [Microsoft Endpoint Manager](/cloudflare-one/integrations/service-providers/microsoft/), [Tanium](/cloudflare-one/identity/devices/access-integrations/tanium/), [Carbon Black](/cloudflare-one/identity/devices/warp-client-checks/carbon-black/), [CrowdStrike](/cloudflare-one/integrations/service-providers/crowdstrike/), [SentinelOne](/cloudflare-one/identity/devices/warp-client-checks/sentinel-one/), and more. Any data from those products can be passed to Cloudflare for use in access decisions. All of the above device information, combined with data on the user identity and also the network the device is on, is available in Cloudflare to be used as part of the company policy. 
For example, organizations could choose to only allow administrators to SSH into servers when all of the following conditions are met: their device is free from threats, running the latest operating system, and joined to the company domain. diff --git a/src/content/docs/reference-architecture/design-guides/designing-ztna-access-policies.mdx b/src/content/docs/reference-architecture/design-guides/designing-ztna-access-policies.mdx index 19e85c50f6c7cc8..b498b255e612166 100644 --- a/src/content/docs/reference-architecture/design-guides/designing-ztna-access-policies.mdx +++ b/src/content/docs/reference-architecture/design-guides/designing-ztna-access-policies.mdx 
@@ -25,7 +25,7 @@ This document is aimed at administrators who are evaluating or have adopted Clou - **Building policies**: The main components of an access policy and how they are combined. - **Use cases**: Common use cases and policies that can serve as blueprints for your own policy designs. -This design guide assumes you have a basic understanding of Cloudflare's ZTNA solution, [Cloudflare Access](/cloudflare-one/access-controls/policies/). Therefore, this guide focuses on designing effective access policies and assumes you have already configured [DNS](/cloudflare-one/traffic-policies/initial-setup/dns/), [identity](/cloudflare-one/identity/) and [device posture providers](/cloudflare-one/identity/devices/service-providers/) as well as [created connectivity](/cloudflare-one/networks/) to self-hosted applications and related networks. +This design guide assumes you have a basic understanding of Cloudflare's ZTNA solution, [Cloudflare Access](/cloudflare-one/access-controls/). Therefore, this guide focuses on designing effective access policies and assumes you have already configured [DNS](/cloudflare-one/traffic-policies/initial-setup/dns/), [identity](/cloudflare-one/identity/) and [device posture providers](/cloudflare-one/integrations/service-providers/) as well as [created connectivity](/cloudflare-one/networks/) to self-hosted applications and related networks. By the end of this guide, you will be equipped to implement granular access policies that enforce Zero Trust principles across various common enterprise scenarios. 
@@ -70,7 +70,7 @@ A critical part of application access is authenticating a user. Cloudflare has a ### Device posture -The final prerequisite for building really effective access policies is to configure [device posture](/cloudflare-one/identity/devices/). When using the [device agent](/cloudflare-one/team-and-resources/devices/warp/), Cloudflare has access to a [variety of information](/cloudflare-one/identity/devices/warp-client-checks/) about the device which can then be used in an access policy. When using an [agentless method](/reference-architecture/diagrams/sase/sase-clientless-access-private-dns/) to access applications, only the user identity information is available. We also support using device posture information from [other vendors](/cloudflare-one/identity/devices/service-providers/), such as Microsoft, Crowdstrike and Sentinel One. +The final prerequisite for building really effective access policies is to configure [device posture](/cloudflare-one/identity/devices/). When using the [device agent](/cloudflare-one/team-and-resources/devices/warp/), Cloudflare has access to a [variety of information](/cloudflare-one/identity/devices/warp-client-checks/) about the device which can then be used in an access policy. When using an [agentless method](/reference-architecture/diagrams/sase/sase-clientless-access-private-dns/) to access applications, only the user identity information is available. We also support using device posture information from [other vendors](/cloudflare-one/integrations/service-providers/), such as Microsoft, Crowdstrike and Sentinel One. ![Figure 2 - two employees with different devices trying to access the same corporate application. Only the user with the device agent can access the SSH service.](~/assets/images/reference-architecture/designing-ztna-access-policies-for-cloudflare-access/figure2.svg "Figure 2 - two employees with different devices trying to access the same corporate application. 
Only the user with the device agent can access the SSH service.") diff --git a/src/content/docs/reference-architecture/design-guides/zero-trust-for-saas.mdx b/src/content/docs/reference-architecture/design-guides/zero-trust-for-saas.mdx index bb5bed4d8cd5c0e..c03a28a4a6ae16f 100644 --- a/src/content/docs/reference-architecture/design-guides/zero-trust-for-saas.mdx +++ b/src/content/docs/reference-architecture/design-guides/zero-trust-for-saas.mdx @@ -165,7 +165,7 @@ Phishing attacks and campaigns to spread malware to take over devices and access #### Securing access -As described already, implementing ZTNA to secure your email platform offers numerous benefits. One key advantage is ensuring that email access is restricted to trusted, managed devices, even when using a cloud-based email service. This typically involves using Cloudflare to verify the presence of a [client certificate](/cloudflare-one/identity/devices/warp-client-checks/client-certificate/) and confirm that there are no risks detected by an external endpoint management solution, such as [Crowdstrike](/cloudflare-one/identity/devices/service-providers/crowdstrike/) or [SentinelOne](/cloudflare-one/identity/devices/service-providers/sentinelone/). +As described already, implementing ZTNA to secure your email platform offers numerous benefits. One key advantage is ensuring that email access is restricted to trusted, managed devices, even when using a cloud-based email service. This typically involves using Cloudflare to verify the presence of a [client certificate](/cloudflare-one/identity/devices/warp-client-checks/client-certificate/) and confirm that there are no risks detected by an external endpoint management solution, such as [Crowdstrike](/cloudflare-one/integrations/service-providers/crowdstrike/) or [SentinelOne](/cloudflare-one/integrations/service-providers/sentinelone/). #### Tenant control
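Review bot: in `src/content/docs/cloudflare-one/identity/index.mdx`, the added import `import { DirectoryListing} from "~/components";` is missing the space before the closing brace. The other imports visible in this patch are written `{ Render }`, so this should be `{ DirectoryListing }` to stay consistent and pass formatting. The same hunk removes the only prose on the page and sets `hideIndex: true`, so check that nothing else on the page still relied on the dropped `Render` import.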
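Review bot: in `src/content/docs/cloudflare-one/integrations/identity-providers/index.mdx`, the moved one-time PIN paragraph says "No configuration needed" and now sits directly above the unchanged sentence "Adding an identity provider as a login method requires configuration both in Zero Trust and with the identity provider itself". Read together on one page, the two sentences appear to contradict each other. Suggest rewording the moved sentence so it is clear that the claim applies to OTP only, for example "OTP requires no identity provider configuration". The added lines also begin with an empty `+` line, which will leave two blank lines after the import if one is already there.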
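Review bot: in `src/content/docs/cloudflare-one/integrations/service-providers/index.mdx` (new file), the front matter sets `order: 3`, but the deleted `identity/devices/service-providers/index.mdx` had `order: 2`, and nothing in the patch explains the change. If the new value is intended to place the page after another entry under `integrations/`, say so in the commit message; otherwise keep `order: 2` so the move is a pure path change like the sibling files, which are recorded as renames.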
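Review bot: in `src/content/docs/learning-paths/replace-vpn/build-policies/policy-design.mdx`, the added line carries over the typo `[thirty-party endpoint security provider]` from the line it replaces. Since the line is being rewritten anyway, correct the link text to "third-party endpoint security provider" in the same change.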
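Review bot: in `src/content/docs/reference-architecture/architectures/sase.mdx`, the rewritten sentence updates the Microsoft Endpoint Manager and CrowdStrike links but still sends Tanium to `/cloudflare-one/identity/devices/access-integrations/tanium/`. The `tanium.mdx` hunk in this same patch marks that integration "Not recommended for new deployments" and points readers to `/cloudflare-one/integrations/service-providers/taniums2s/`. Suggest linking Tanium to the service-to-service page here so the reference architecture does not steer readers to the discouraged integration.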
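Review bot: in the first hunk of `src/content/docs/reference-architecture/design-guides/designing-ztna-access-policies.mdx`, the added line still links `[identity](/cloudflare-one/identity/)`, but this patch strips that page of its content and sets `hideIndex: true`, moving the introductory text to `/cloudflare-one/integrations/identity-providers/`. Point the link there instead. The same line also changes the Cloudflare Access link from `/cloudflare-one/access-controls/policies/` to `/cloudflare-one/access-controls/`, which is unrelated to the service-providers move; mention it in the commit message or split it out.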
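Review bot: in the second hunk of `src/content/docs/reference-architecture/design-guides/designing-ztna-access-policies.mdx`, the added line keeps the vendor names as "Crowdstrike and Sentinel One", while other lines touched by this patch write "SentinelOne" and, in `sase.mdx`, "CrowdStrike". Because the sentence is being edited, align the spelling with the rest of the docs ("CrowdStrike", "SentinelOne").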