4. Integrations
This document gives you a guideline how to integrate MetaAccess to your existing solution to enforce device posture check.
A few integration use cases include:
-
empower your existing SSL VPN/NAC solution with MetaAccess by checking device security prior to access to your network
-
Include MetaAccess as a feed into your RMM (Remote Monitoring & Management) platform for full visibility into the security and compliance state of your environment
-
Integrate MetaAccess into your existing MDM solution to assess the security and compliance state on new BYOD devices
How does it work?
MetaAccess agent runs on an endpoint and periodically checks compliance status of the device against a security baseline (policy) configured on your MetaAccess account. This compliance information for the endpoint is stored locally and also available from the MetaAccess cloud. Your solution uses the compliance information to make enforcement actions.
When a user accesses to your service, your solution needs to query MetaAccess via our OAuth API or use Custom Policy Check to check the device's compliant status. After getting device status, your solution then makes decision on granting access for the device and shows error messages to end-user in each use case.
You can use either device MAC address or device ID to query device health and compliance status via OAuth API. MetaAccess generates an unique identity for each device and offers multiple mechanisms to retrieve Device ID such as Brower Cookies, Agent Certificate, and Cross-Domain API if endpoints are running persistent agents
A comparison of solutions to retrieve Device ID
|
Registry or p-list values |
Browser Cookie |
Agent Certificate |
Cross-domain API |
Universal Link |
Agent required |
Yes |
No |
No |
No |
No |
User right |
admin |
All |
All |
All |
All |
OS |
Windows and macOS |
Windows only |
Windows and macOS |
Windows, macOS, and Linux |
Android and iOS |
Reliability |
High |
Low |
High |
High |
High |
Browsers |
All |
IE, Firefox, Chrome |
IE, Firefox, Chrome, Safari |
All |
All |
Browser mode |
All |
Not support Incognito or In Private mode |
All |
All |
All |
User Interaction |
No |
No |
Maybe |
No |
Yes |
Security |
High |
Low |
High |
High |
High |
Can be deleted accidentally by user |
No |
Yes |
No |
No |
No |
How could I integrate my solution with MetaAccess?
It's easy to integrate with the MetaAccess platform, and the available APIs allow you to efficiently integrate the MetaAccess features with your own solution. From the agent to the cloud, we have you covered.
Sign Up For An Account
You will need to set up a MetaAccess account in order to begin your work. Go here to create an account on OPSWAT Portal. Once your account is created, you can proceed to log into MetaAccess console to set up your MetaAccess account. You may monitor up to 50 devices for your development free of charge. If you would like to add more devices to your account, please contact our Sales for pricing information.
Read Our Documents
Before you begin your implementation, you will need to identify your specific use case:
-
API based application: If you wish to create an application to fetch data (devices, device compliance status, reports,...) or do batch actions (delete devices, exempt devices, ...) on your account, you should go through our MetaAccess APIs documents
-
Integration: If you wish to integrate MetaAccess with your solution, 146626850 document is here for your reference.
-
If you would like to prevent risky devices from accessing your cloud applications through SAML SSO, you can check out how to configure your IdP and applications here
Start Implementation
You may now start implementing/configuring your applications/solutions. Be sure to refer to this user guide for detailed information on any issues you might wish to troubleshoot.
Test Your Solution
It's time for you to test your work. Before testing, you need to back to your MetaAccess console to download a proper agent and install it on your endpoints. Read our KB
How do I deploy or distribute OPSWAT Client to my devices? to know how to distribute OPSWAT Client to your devices.
Release
Congratulations! You got there. You can celebrate a party to say cheers with your team.
If you would like to enhance device security check on your existing solution, check out our existing integrations here.