I’m not really sure what you’re thinking when you say different API connection methods. I think you’re hinting at the whole ZTNA/ZTHA/ZTAA thing. I can do a session on that again, sure.
1 Like
That would be great.
How about a simple conversation on how we can use a secure zero-trust network in a simple DevSecOps program so that we can prevent companies from becoming the next Uber? I estimate 3 minutes to cover the concept.
It would be very useful to have a Ziti TV where you show how to configure External JWT Signers (Keycloak, for example) and show how to use them in order to create and enroll identities.
1 Like
I’m guessing you’ve seen this, but here’s a related ZitiTV from a couple of months ago when we released initial support for external JWT signers: Ziti TV Mar 31 2023 - OIDC/External signers/Keycloak working session - YouTube
Hi, would be very useful to show how to configure a SentinelOne posture check, not using the process but through the sentinel API. Maybe this feature is something already in dev?
Hi @Quentin, welcome to the community and to OpenZiti!
At this time, there's no way to integrate with other APIs from posture checks, but that sort of thing makes perfect sense to me! When that becomes a reality, that sounds like a fun Ziti TV. It also fits into querying something else like OPA too, so it totally makes sense to me!
Building on this @Quentin, this is something we do in CloudZiti with other tools (S1 could be done in the future). As @TheLumberjack says, it's not via the posture check, we do it via an API integration, so that if the external EDR says the device is insecure, services are removed from the endpoint in question.
If i understantd well, there is a custom development in cloudziti that calls the sentinelone api to check the device satus and if secure, through controller apis, removes the services associated with the device?
Exactly. You understand.