Active Integrations (Available Now)
Microsoft Azure AD & M365
Users, MFA, Conditional Access, Defender, Intune, SharePoint, O365 Audit
Google Workspace
Users, Groups, 2SV enforcement, Admin accounts
Sub-Features (Included with Azure AD)
Microsoft Defender
Devices, alerts, CVEs, Secure Score
Microsoft Intune
Managed devices, compliance policies
Coming Soon
| Integration | Category | Auth | Syncs |
|---|---|---|---|
| Microsoft Sentinel | SIEM | OAuth2 | Incidents, alert rules, threat indicators |
| Amazon Web Services | Cloud | IAM Role | IAM, S3, EC2, GuardDuty, CloudTrail |
| Microsoft Azure (resources) | Cloud | OAuth2 | VMs, NSGs, Key Vault, SQL, policies |
| CrowdStrike Falcon | Endpoint | OAuth2 | Devices, detections, vulnerabilities |
| Okta | Identity | OAuth2 | Users, groups, MFA, sign-in logs |
| Jamf Pro | MDM | OAuth2 | Devices, patch status, encryption |
Planned
| Integration | Category |
|---|---|
| Wiz | CSPM |
| Tenable.io | Vulnerability Management |
| Qualys VMDR | Vulnerability Management |
| Duo Security | Identity / MFA |
| Splunk | SIEM |
| Proofpoint | Email Security |
| Mimecast | Email Security |
| Datto BCDR | Backup |
| Veeam Backup | Backup |
| VMware Carbon Black | Endpoint |
How Integration Auth Works
| Auth Type | Used By | How It Works |
|---|---|---|
| OAuth 2.0 | Azure AD, GWS, Defender, Intune | User authorizes via consent screen. Tokens stored encrypted in private schema. Auto-refreshed every 6 hours. |
| IAM Role | AWS | Cross-account assume role. Read-only policy. No long-lived credentials. |
Data Security
All integration credentials are:- Stored in
private.integration_connection_secrets(separate private schema) - AES-256 encrypted via pgcrypto
- Never exposed to other tenants
- Accessible only via
SECURITY DEFINERRPCs with tenant ownership checks