Set up BeyondCorp Enterprise and Falcon ZTA integration

This document shows you how to set up BeyondCorp Enterprise and CrowdStrike Falcon Zero Trust Assessment (Falcon ZTA) integration. Setting up this integration involves ensuring that your environment satisfies Falcon ZTA's requirements and enabling Falcon ZTA on your organizational units.

Before you begin

  • Ensure that your environment satisfies the following Falcon ZTA requirements:

    • CrowdStrike's Falcon sensor is installed on your devices.
    • Your CrowdStrike instance (or CID) has access to an Insight subscription.
    • The CID is enabled to receive the data.zta file. To enable the CID, file a support ticket with support@crowdstrike.com.
  • Ensure that the devices in your organization run one of the following operating systems:

    • Apple® macOS® El Capitan (10.11) and later
    • Microsoft® Windows 10, Server 2016, or 2019 and later
  • Set up Endpoint Verification for your organization:

    1. Log in to the Google Workspace Admin Console.

    2. Perform the following steps by using the instructions in Set up Endpoint Verification:
      1. Turn on Endpoint Verification in your Admin console.
      2. Install the Endpoint Verification extension for all your devices.
      3. Install the helper app for all your devices.

Enable Falcon ZTA for your organizational unit

To collect device information by using Falcon ZTA, enable Falcon ZTA for your organizational unit by doing the following:

  1. From the Admin console Home page, go to Devices.

  2. Click Settings > Third-party integrations > Security and MDM partners.
  3. Select the checkbox for CrowdStrike, and click Save.

    CrowdStrike is now listed in the Security and MDM partners section. Depending on the size of your organization, it might take a few seconds to establish the connection between Endpoint Verification and Falcon ZTA. After the connection is established, the devices might take a few minutes to an hour to report Falcon ZTA data.

  4. To verify the connection status, do the following:
    1. From the Chrome browser toolbar, click the Endpoint Verification extension.
    2. Click Sync now.

    A successful sync indicates that Endpoint Verification is communicating with CrowdStrike's Falcon sensor.

Verify Falcon ZTA data on devices

  1. From the Admin console Home page, go to Devices.

  2. Click Endpoints.
  3. Select any device from your organizational unit for which Falcon ZTA is enabled.
  4. Verify that the CrowdStrike data is listed in the Third-party services section.

  5. To see the complete details, expand the Third-party services section.

    The following image shows details of the data collected by Falcon ZTA:

    [Image: Device page]

Sync Falcon ZTA data on devices

After you set up the BeyondCorp Enterprise and Falcon ZTA integration, Endpoint Verification automatically syncs and reports Falcon ZTA data every hour. You can also sync the device data manually whenever required.

To sync the device data manually, do the following:

  1. From the Chrome browser toolbar, click the Endpoint Verification extension.
  2. Click Sync now.
