Configure the Endpoint Security Plug-in for Kaseya VSA

You must configure the plug-in to access the Endpoint Security Management API in WatchGuard Cloud. This enables you to connect with WatchGuard Cloud and download your managed account data. You can then map your WatchGuard Cloud managed accounts with your existing Kaseya VSA customer accounts.

If a default configuration is enabled for your account, you inherit that configuration. If you want to change the configuration for your account only, make sure the Default configuration check box is clear when you save your configuration. If you change the configuration and the Default configuration check box is selected when the configuration is saved, the new configuration applies to all users that have the default configuration enabled.

Enable API Access in WatchGuard Cloud

WatchGuard public APIs use the Open Authorization (OAuth) 2.0 authorization framework for token-based authentication. To use the Endpoint Security Management API, you must first enable API access in your WatchGuard Cloud account to retrieve the required parameters for your plug-in configuration. For more information, see Enable API Access in WatchGuard Cloud.

To enable API access in WatchGuard Cloud:

  1. Log in to WatchGuard Cloud.
    If you are a Service Provider, from Account Manager, select My Account or a managed account.
  2. Select Administration > Managed Access.
  3. Click Enable API Access.

Screen shot of the Enable API Access page in WatchGuard Cloud

  1. Specify the readwrite and readonly passwords to use as your API access credentials.

Screen shot of the Enable API Access password page in WatchGuard Cloud

Passwords must include an uppercase letter, a lowercase letter, a number, and a special character. The Read-write password and the Read-only password must be different.

You must use the Read-write Access ID and password for the plug-in configuration.

  1. Select the I agree to the terms and conditions in the WatchGuard APIs License Agreement check box.
  2. Click Save.

After you enable API access, parameters appear that you must specify in your plug-in configuration. You can see the parameters on the Administration > Managed Access page in WatchGuard Cloud.

Screen shot of the Administration > Managed Access page with API information in WatchGuard Cloud

The base URL varies by region. This example shows a US-based server.

Configure the Plug-in

You configure the Endpoint Security Plug-in for Kaseya VSA on the Connections page.

Screen shot of the Endpoint Security Plug-in for Kaseya VSA Connections page

To configure the WatchGuard Endpoint Security plug-in:

  1. Click the WatchGuard Endpoint Security icon in the left navigation pane.
    The Dashboard page opens by default.
  2. Click Allow to grant WatchGuard Endpoint Security access to your Kaseya account.

Screen shot of the consent page in the Kaseya VSA UI

  1. On the Connections page, configure the following parameters. We recommend you copy and paste the URLs to avoid errors.
    • Authentication API URL — Enter the URL to authenticate API access to WatchGuard Cloud. The Authentication API URL is case-sensitive. The base URL varies by region. For example, the US region URL is: https://api.usa.cloud.watchguard.com/oauth/token
    • API URL — Enter the URL for API access to WatchGuard Cloud.
      The base URL varies by region. This example uses US-based servers. For WatchGuard Endpoint Security product customers, type this URL:
      https://api.usa.cloud.watchguard.com/rest/endpoint-security/management
    • Account ID — Enter the WatchGuard Cloud Account ID of the managed account for which you want to make API requests. This must be the Account ID of a service provider or subscriber account that you manage in WatchGuard Cloud. To view your account ID, select Administration > My Account in WatchGuard Cloud.
    • Access ID — Enter the Access ID for Read-write API access to WatchGuard Cloud.
    • Access Password — Enter the password for the Read-write Access ID you specified for API access to WatchGuard Cloud.

      • Make sure you specify the Read-write Access ID and password for API access. The Read-only Access ID might cause errors when you use the plug-in.

    • API Key — Enter the API key associated with your WatchGuard Cloud account.
    • Default configuration — To apply configuration changes to your account only, clear the Default configuration check box. If the Default configuration check box is selected and changes are saved, the new configuration applies to all users in the current Kaseya tenant.

If you are the administrator for multiple users, you can set a default configuration for your users and hide the Connections page. Your users will inherit the configuration, but can have their own mappings, auto deployment, device information, and security information. The default configuration check box will show on other pages, but as read-only, which lets your users know that they inherited a default configuration. To hide the Connections page from other users, go to Security Roles > TAP Apps and modify the page visibility.

Test the Connection

To test the connection for WatchGuard Cloud API access, click Test Connection.

If the test connection is not successful:

  • Make sure the Access ID for API access is enabled in WatchGuard Cloud.
  • Make sure the Access ID and password are for the correct WatchGuard Cloud Account ID.
  • Verify the API Key.
  • Make sure the Account ID is correct.
  • Check if the WatchGuard Cloud Account ID was removed or merged with another account.

Remove All Plug-in Data

You can remove all data from the plug-in for the current user, including all customer account data and your WatchGuard Cloud API access information. You can also remove the plug-in from the Kaseya VSA UI. For more information, see Remove the Endpoint Security Plug-in for Kaseya VSA.

To remove all data from the plug-in:

  1. Click Remove All Data.
    A confirmation message appears.
  2. To confirm that you want to remove all plug-in data, click Yes.
  3. If you want to restart and reconfigure the plug-in, close and restart Kaseya VSA.

Refresh the API Token

If you detect or suspect a security breach, you click Refresh Token to change the API token for the plug-in.

Connect

Click Connect to establish the connection. If the connection is successful, the plug-in saves the configuration and enables you to continue to client mapping. For more information, go to Map Kaseya VSA and WatchGuard Cloud Accounts.

If you configure the plug-in with a WatchGuard Cloud Service Provider account, the plug-in also retrieves all managed accounts of the Service Provider account. This process can take some time if the account has many clients.

Related Topics

Install the Endpoint Security Plug-in for Kaseya VSA

Managed Endpoints

Remove the Endpoint Security Plug-in for Kaseya VSA