Security Integration

CrowdStrike

Connect TigerIdentity to CrowdStrike Falcon for risk-based access control, automated threat response, and endpoint-aware authorization decisions.

Book a DemoView Documentation

Key Features

Endpoint Posture

Ingest endpoint security posture from CrowdStrike Falcon for risk-based access decisions.

Threat Intelligence

Integrate CrowdStrike threat detections into TigerIdentity access policies.

Real-Time Events

Subscribe to CrowdStrike detections and prevention events for instant response.

Zero Trust Context

Use device trust scores and security posture in dynamic access control decisions.

Automated Response

Automatically revoke access when CrowdStrike detects compromised endpoints.

Vulnerability Data

Ingest vulnerability scan results to enforce access policies based on device patching status.

How It Works

1

Connect

Configure the CrowdStrike connector with API credentials to access Falcon platform.

2

Ingest Security Data

TigerIdentity continuously ingests endpoint posture, detections, and vulnerability data.

3

Enforce Policies

Use CrowdStrike security signals in access policies to make risk-aware authorization decisions.

Configuration Example

connector:
  type: crowdstrike
  name: "crowdstrike-production"

  config:
    client_id: "${CROWDSTRIKE_CLIENT_ID}"
    client_secret: "${CROWDSTRIKE_CLIENT_SECRET}"
    base_url: "https://api.crowdstrike.com"

  sync:
    hosts: true
    detections: true
    vulnerabilities: true
    prevention_policies: true

  events:
    - detection.new
    - detection.critical
    - host.compromised
    - prevention.blocked

  policies:
    - name: "block-compromised-devices"
      condition: "host.status == 'compromised'"
      action: "revoke_all_sessions"

  mapping:
    device_attributes:
      - crowdstrike: hostname
        tiger: device_name
      - crowdstrike: os_version
        tiger: os_version
      - crowdstrike: last_seen
        tiger: last_activity

Use Cases

Risk-Based Access Control

Dynamically adjust access privileges based on real-time endpoint security posture from CrowdStrike.

Compromised Device Response

Automatically revoke all access for users on compromised endpoints detected by CrowdStrike.

Patch Compliance Enforcement

Require devices to meet minimum patching standards before granting access to sensitive resources.

Threat-Aware Governance

Block high-risk access requests when CrowdStrike detects active threats on user devices.

Ready to connect CrowdStrike?

See how TigerIdentity integrates with your CrowdStrike environment in a personalized demo.

Schedule Your Demo