Set up BeyondCorp Enterprise and Falcon ZTA integration

This document shows you how to set up BeyondCorp Enterprise and CrowdStrike Falcon Zero Trust Assessment (Falcon ZTA) integration. Setting up this integration involves ensuring that your environment satisfies Falcon ZTA's requirements and enabling Falcon ZTA on your organizational units.

Before you begin

• Ensure that your environment satisfies the following Falcon ZTA requirements:

  • CrowdStrike's Falcon sensor is installed on your devices.
  • The data.zta file is available in any of your test devices with some content at %ProgramData%\CrowdStrike\ZeroTrustAssessment\data.zta or /Library/Application Support/Crowdstrike/ZeroTrustAssessment/data.zta.
  • Your CrowdStrike instance (or CID) has access to an Insight subscription.
  • The CID is enabled in order to receive the data.ztafile. To enable CID, file a support ticket to support@crowdstrike.com.

• Ensure that the devices in your organization run one of the following operating systems:

  • macOS version 10.11 or later
  • Microsoft® Windows 10, Server 2016 or 2019, or later
• Set up Endpoint Verification for your organization.
• Install Endpoint Verification helper app on all the devices in your organization.

Connect to Falcon ZTA

1. From the Admin console Home page, go to Devices.

   Go to Devices
2. In the navigation menu, click Mobile & endpoints > Settings  > Third-party integrations > Security and MDM partners  > Manage.
3. Look for CrowdStrike and click Open connection.

   The BeyondCorp Alliance partners page shows that the connection is open.

4. Close the BeyondCorp Alliance partners page.

Enable Falcon ZTA for your organizational unit

To collect device information by using Falcon ZTA, enable Falcon ZTA for your organizational unit by doing the following:

1. From the Admin console Home page, go to Devices.

   Go to Devices
2. In the navigation menu, click Mobile & endpoints > Settings > Third-party integrations > Security and MDM partners.
3. From the Organizational units pane, select your organization unit.

4. Select the checkbox for CrowdStrike, and click Save.

   CrowdStrike is now listed in the Security and MDM partners section. Depending on the size of your organization, it might take a few seconds to establish the connection between Endpoint Verification and Falcon ZTA. After the connection is established, the devices might take a few minutes to an hour to report Falcon ZTA data.

5. To verify the connection status, do the following:
   1. From the Chrome browser toolbar, click Endpoint Verification extension.
   2. Click Sync now.
      

   A successful sync indicates that Endpoint Verification is communicating with CrowdStrike's Falcon sensor.

Sync Falcon ZTA data on devices

After you set up the BeyondCorp Enterprise and Falcon ZTA integration, Endpoint Verification automatically syncs and reports Falcon ZTA data every one hour. You can also sync the device data manually, whenever required.

To sync the device data manually, do the following:

1. From the Chrome browser toolbar, click Endpoint Verification extension.
2. Click Sync now.
   

Verify Falcon ZTA data on devices

1. From the Admin console Home page, go to Devices.

   Go to Devices
2. Click Endpoints.

3. Select any device from your organizational unit for which Falcon ZTA is enabled.

   

4. Verify that the CrowdStrike data is listed in the Third-party services section.

   

5. To see the complete details, expand the Third-party services section.

   The following image shows details of the data collected by Falcon ZTA:

   

What's next

• Create and assign custom access levels