Endpoint Security

Search

NinjaOne

NinjaOne RMM Overview

Our NinjaOne RMM integration gives you the ability to sync user and device-related information from the NinjaOne RMM account and automates compliance checks and evidence collection using the available data provided by NinjaOne RMM REST APIs. 

Compliance requirements automated via NinjaOne

Our integration can automatically collect evidence for the following compliance requirements:

  • Anti-virus installed and running for user endpoints
  • Hard drive encryption for user endpoints
  • Multi-factor authentication for SSO providers
  • Accounts deprovisioned

Due to API limitations on NinjaOne's end, other requirements are not able to be automated.

Connecting the integration

Go to Integrations > AVAILABLE > NinjaOne and then follow the steps provided there. (If you have the Custom Integration feature, click on "Add native connection"). 

View our video walkthrough here

Screenshot 2024-07-25 at 20.04.00.png

Step 1: Open the NinjaOne Console and sign in


Step 2: Create the API app

  • On the left-hand side menu, click on Administration (), then AppsAPI, and click the Add button on the right. 

Screenshot 2024-07-24 at 4.41.37 PM.png

  • Application platform: Select API Services (machine-to-machine).
  • Name: Defines the name of your application. This will be displayed in the application list.
  • Redirect URIs: Leave this field empty.
  • Scopes: Select only Monitoring.
  • Allowed Grant Types: Select only the Client Credentials checkbox.
  • Important: Uncheck the Authorization Code.
  • Click Save at the top right corner of the page.

Screenshot 2024-07-24 at 4.37.35 PM.png

 

Step 3: Get the credentials of the API app and apply them to the form

  • In a pop-up window, you will see your Client Secret. Copy it and keep it in a safe place. Also, paste it into the Client Secret field below.
  • Click Close at the top right corner of the page, and you will be redirected to the Client App IDs page.
  • You will see your newly created app in the list. Copy the Client ID of the newly created app and paste it into the Client ID field below.

Step 4: Get the subdomain and the Organization ID

  • Select your regional subdomain from the dropdown list. You can locate this in the URL of your NinjaOne console.
  • On the left-hand side menu of your NinjaOne console, click on Administration (), then go to Organizations. Locate and click on the organization you want to sync.

Screenshot 2024-07-24 at 4.20.02 PM.png

  • The Organization ID will be displayed in the URL. For example, if the URL is https://app.ninjarmm.com/#/editor/customer/1, the Organization ID is 1.
  • Copy the Organization ID and paste it in the respective field.

Screenshot 2024-07-24 at 4.20.12 PM.png

 

Step 5: Click on the Start Connection

API endpoints consumption

  • GET [API_URL]/v2/organization/{id}/end-users
  • GET [API_URL]/v2/organization/{id}/devices
  • GET [API_URL]/v2/queries/volumes/df=org%3D{id}
  • GET [API_URL]/v2/queries/antivirus-status/df=org%3D{id}

Permissions, Fields Pulled, Controls, and Automated Tests

  1. Click the provided link or navigate to the “Integration” page.
  2. Select the “Available” tab.
  3. Search for the integration.
  4. Click “View Details”

Troubleshooting the Regional Subdomain Step

In some cases, customers may experience connection failures during the “Enter regional subdomain” step if the subdomain or domain is misidentified.

Common Issues:

  • Incorrect Subdomain Entry: Instead of using a standard subdomain like app, customers may mistakenly enter their company name (e.g., finboa), resulting in a failed connection.

  • Unexpected Domain Format: Occasionally, users may see their NinjaOne portal hosted on a domain like exampleplatform.com rather than the more commonly expected standarddomain.com. This inconsistency can lead to confusion during setup.

Recommended Solution:

Even if the NinjaOne URL includes a nonstandard domain, the subdomain entered here must be one of the following regional values:

app, us2, ca, eu, oc

Try using the regional subdomain that matches your signup region. If you're unsure, start with app as this is commonly used and has worked for many customers—even when their NinjaOne portal uses a different domain format.

If you're still unable to connect after trying all the above options, please contact Secureframe support for further assistance.

Frequently Asked Questions (FAQ)

Why I'm not seeing HD Encryption enabled even though the device has the hard drive encrypted?

  • If such a test is failing and you are not getting the green check on the HD Encryption column of the device(s) listed in the Asset Inventory, it probably means that the HD Encryption status is not reported to NinjaOne through the agent. Another reason can be that the device is MacOS or Linux based. NinjaOne does not provide HD Encryption status for MacOS and Linux devices.
  • If the device is a Windows device and you can see the HD Encryption details on the NinjaOne dashboard but still don't see the green check, please reach out to our Customer Success team to report this as an issue.

Can I use BitLocker for the "Hard drive encryption for user endpoints (NinjaOne)" test on AWS EC2 instances?

  • No. BitLocker requires a Trusted Platform Module (TPM), which is not available on AWS EC2 instances. While AWS supports native volume encryption, BitLocker itself will not work in that environment.

    This Secureframe test is specifically for workstations and user endpoints, not EC2 servers. As long as workstation devices are properly encrypted (e.g., with BitLocker on Windows or FileVault on macOS), you will meet the requiremen

Was this article helpful?

Have more questions? Submit a request

Comments

0 comments

Article is closed for comments.