2. Integrations

This document gives you a guideline how to integrate MetaAccess to your existing solution to enforce device posture check.

A few integration use cases include:

  • empower your existing SSL VPN/NAC solution with MetaAccess by checking device security prior to access to your network

  • Include MetaAccess as a feed into your RMM (Remote Monitoring & Management) platform for full visibility into the security and compliance state of your environment

  • Integrate MetaAccess into your existing MDM solution to assess the security and compliance state on new BYOD devices

How does it work?

images/download/attachments/4355445/MetaAccess-Integration-181204-light%402x.png

MetaAccess agent runs on an endpoint and periodically checks compliance status of the device against a security baseline (policy) configured on your MetaAccess account. This compliance information for the endpoint is stored locally and also available from the MetaAccess cloud. Your solution uses the compliance information to make enforcement actions.

When a user accesses to your service, your solution needs to query MetaAccess via our OAuth API or use Custom Policy Check to check the device's compliant status. After getting device status, your solution then makes decision on granting access for the device and shows error messages to end-user in each use case.

You can use either device MAC address or device ID to query device health and compliance status via OAuth API. MetaAccess generates an unique identity for each device and offers multiple mechanisms to retrieve Device ID such as Brower Cookies, Agent Certificate, and Cross-Domain API if endpoints are running persistent agents


A comparison of solutions to retrieve Device ID

 

Registry or p-list values

Browser Cookie

Agent Certificate

Cross-domain API

Universal Link

Agent required

Yes

No

No

No

No

User right

admin

All

All

All

All

OS

Windows and macOS

Windows only

Windows and macOS

Windows, macOS, and Linux

Android and iOS

Reliability

High

Low

High

High

High

Browsers

All

IE, Firefox, Chrome

IE, Firefox, Chrome, Safari

All

All

Browser mode

All

Not support Incognito or In Private mode

All

All

All

User Interaction

No

No

Maybe

No

Yes

Security

High

Low

High

High

High

Can be deleted accidentally by user

No

Yes

No

No

No

How could I integrate my solution with MetaAccess?

It's easy to integrate with the MetaAccess platform, and the available APIs allow you to efficiently integrate the MetaAccess features with your own solution. From the agent to the cloud, we have you covered.

images/download/attachments/4355445/steps.png

Sign Up For An Account

You will need to set up a MetaAccess account in order to begin your work. Go here to create an account on OPSWAT Portal. Once your account is created, you can proceed to log into MetaAccess console to set up your MetaAccess account. You may monitor up to 50 devices for your development free of charge. If you would like to add more devices to your account, please contact our Sales for pricing information.

Read Our Documents

Before you begin your implementation, you will need to identify your specific use case:

  • API based application: If you wish to create an application to fetch data (devices, device compliance status, reports,...) or do batch actions (delete devices, exempt devices, ...) on your account, you should go through our MetaAccess APIs documents

  • Integration: If you wish to integrate MetaAccess with your solution, Integrations document is here for your reference.

  • If you would like to prevent risky devices from accessing your cloud applications through SAML SSO, you can check out how to configure your IdP and applications here

Start Implementation

You may now start implementing/configuring your applications/solutions. Be sure to refer to this user guide for detailed information on any issues you might wish to troubleshoot.

Test Your Solution

It's time for you to test your work. Before testing, you need to back to your MetaAccess console to download a proper agent and install it on your endpoints. Read our KB
How do I deploy or distribute OPSWAT Client to my devices? to know how to distribute OPSWAT Client to your devices.

Release

Congratulations! You got there. You can celebrate a party to say cheers with your team.

If you would like to enhance device security check on your existing solution, check out our existing integrations here.