Skip to main content

How to integrate SentinelOne account?

Overview

To authenticate with SentinelOne, you will need to provide the following information:

  • Management (Base) URL
  • API Token

Step 1: Login to SentinelOne Management Console

  1. Sign in to your SentinelOne Management Console (e.g., https://<your-domain>.sentinelone.net)
  2. Ensure you have an account with Admin or API-access enabled Service User permissions

Step 2: Navigate to Service Users

  1. In the SentinelOne console, go to SettingsUsers
  2. Select the Service Users tab
  3. Click Create New Service User or select an existing service user

Step 3: Create Service User

If creating a new service user:

  1. Click Create New Service User

  2. Fill in the following details:

    • Username: Enter a descriptive name (e.g., "unizo-integration")
    • Full Name: Enter a full description (e.g., "Unizo Integration Service")
    • Role: Select appropriate role with required permissions

  3. Configure the minimum required permissions:

    Essential Permissions for EDR/XDR Integration:

    • Viewer role (minimum for read-only access)
    • Site Admin role (for full integration capabilities)
    • Custom Role with specific permissions:
      • Agents: Read
      • Threats: Read, Update
      • Policies: Read
      • Reports: Read
      • Remote Shell: Execute (if remote response needed)

  4. Click Save

Step 4: Generate API Token

  1. Find your Service User in the list

  2. Click the Actions menu (⋮) for the Service User

  3. Select API Token OperationsGenerate API Token

  4. Copy the API token immediately — it is shown only once

    Important:

    • The token is displayed only once
    • Store it immediately in a secure location
    • If lost, you'll need to regenerate a new token

Step 5: Get Management URL and API Token

You now have the following credentials for integration:

  1. Management URL: Your SentinelOne console URL

    • Format: https://<your-domain>.sentinelone.net
    • Examples:
      • US: https://usea1.sentinelone.net
      • EU: https://euc1.sentinelone.net
      • APAC: https://apne1.sentinelone.net
    • This is the URL you use to access the SentinelOne console

  2. API Token: The token you copied in Step 4