Control now offers its users the ability to enable inbound integrations into the platform! With this update, Control users can seamlessly connect, enable, and access additional security data, empowering them to attain a more precise assessment of their cyber risk posture.
Note: Integrating your services will not impact your insurability or insurance costs. It can, however, help reduce your likelihood of experiencing a cyber incident.
How does this benefit me as a user of Control?
Whether you are a Coalition policyholder preparing for your renewal or an IT/Security Administrator who has purchased Control to gain a better understanding of your attack surface, Control Integrations will help you incorporate additional security data into Control. This, in turn, will ultimately enable Coalition to provide a more comprehensive assessment of your cyber risk.
What Integrations are currently available?
Integration | Description |
Google Workspace | Connect Control to your Google Workspace account, configure multi-factor authentication (MFA), and bring in key data points such as: |
Microsoft 365 | Connect Control to your Microsoft 365 account to help you monitor key security configurations such as: |
AWS (Amazon Web Services) | Connect Control to your AWS account to bring in key data points such as: |
SentinelOne EDR | Connect Control to your SentinelOne EDR tool to bring in key data points such as: |
FAQs
How do I enable an integration?
- Ask your IT / Security Administrator to log in to Control at control.coalitioninc.com.*
- Access the Integrations page via the left-hand navigation or through the following URL: control.coalitioninc.com/manage-integrations/
- Select the integration you would like to enable. Ensure that you have the appropriate authorization as an IT/Security Administrator for your organization's account regarding the integration you are attempting to connect with.
- Follow the steps to connect with your desired integration. You will be prompted for additional authorization to grant Control access to this data.**
- Once you follow all of the steps, Control will indicate what data is now being brought into the platform.
- Congratulations! You have successfully set up an integration via Control! 🎉
*If you or your IT / Security Administrator do not have a Control account, please reach out to us at control@coalitioninc.com and we'll be more than happy to set you up with an account.
**Control will NEVER change any type of credentials or security permissions with your organization's account with the integration.
How do I disable an integration?
There are multiple ways to disable an integration.
Via Coalition Control
- Locate the integration you'd like to disable
- Click "Disconnect" to disable the integration and follow the steps.
Google
You can manage all third-party connections within your Google Workspace; this is described here: https://support.google.com/a/answer/7281227
Microsoft
A Microsoft 365 integration can alternatively be deleted via your Microsoft admin portal.
Follow the Microsoft documentation found here: https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/delete-application-portal
AWS
The AWS integration can be disconnected by deleting the "CoalitionApp" stack in your AWS CloudFormation account. Follow the steps in this AWS documentation: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/cfn-console-delete-stack.html
It says MFA isn't configured for Microsoft, but I'm sure it's set up.
First, there's a distinction between "enabling" and "enforcing" MFA. Enabling MFA allows users to set up MFA; enforcing MFA requires them to do so. You may have enabled MFA without having enforced it. That distinction can be confusing.
There are different ways to effectively enforce MFA within Microsoft. Coalition Control checks for a specific "Security Defaults" policy that enforces MFA. This is the most prevalent way in which smaller and medium tenants enforce MFA, but it is not the only way to do so.
For example, more complex setups may choose to enforce MFA via Conditional Access. Because Conditional Access can be configured in very nuanced ways, Coalition Control will not pick up on this as enforcing MFA. This is a known limitation.
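To see which of these cases applies to your own tenant, the sketch below classifies MFA enforcement from two Microsoft Graph responses. It is an added example, not Coalition's code or Control's actual check; the JSON is constructed sample data shaped like the output of the two Graph endpoints named in the comments, and the classification rules are simplifying assumptions (for instance, authentication strengths and application exclusions are not evaluated).

```python
import json

# Constructed sample responses, shaped like Microsoft Graph v1.0 output of
#   GET /policies/identitySecurityDefaultsEnforcementPolicy
#   GET /identity/conditionalAccess/policies
SECURITY_DEFAULTS = json.loads('{"isEnabled": false}')
CA_POLICIES = json.loads("""{"value": [
 {"displayName": "Require MFA for all users", "state": "enabled",
  "conditions": {"users": {"includeUsers": ["All"],
                           "excludeUsers": ["constructed-break-glass-id"]},
                 "applications": {"includeApplications": ["All"]}},
  "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}},
 {"displayName": "MFA for admins (pilot)",
  "state": "enabledForReportingButNotEnforced",
  "conditions": {"users": {"includeRoles": ["constructed-role-id"]},
                 "applications": {"includeApplications": ["All"]}},
  "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}}]}""")["value"]


def requires_mfa(policy):
    """True if the policy is switched on and cannot be satisfied without MFA."""
    grant = policy.get("grantControls") or {}
    controls = grant.get("builtInControls") or []
    if policy.get("state") != "enabled" or "mfa" not in controls:
        return False  # disabled, report-only, or no MFA grant control
    # With operator OR, another control (e.g. compliantDevice) can stand in.
    return grant.get("operator") == "AND" or controls == ["mfa"]


def mfa_enforcement(security_defaults, ca_policies):
    """Return (mechanism, exclusions_to_review) for tenant-wide MFA."""
    if security_defaults.get("isEnabled"):
        return ("security_defaults", 0)
    partial = False
    for policy in filter(requires_mfa, ca_policies):
        users = policy["conditions"].get("users") or {}
        apps = policy["conditions"].get("applications") or {}
        if ("All" in (users.get("includeUsers") or [])
                and "All" in (apps.get("includeApplications") or [])):
            excluded = sum(len(users.get(k) or []) for k in
                           ("excludeUsers", "excludeGroups", "excludeRoles"))
            return ("conditional_access", excluded)
        partial = True  # enforced, but only for a subset of users or apps
    return ("conditional_access_partial" if partial else "not_enforced", 0)


if __name__ == "__main__":
    print("Security Defaults only:", SECURITY_DEFAULTS["isEnabled"])
    print("Including Conditional Access:", mfa_enforcement(SECURITY_DEFAULTS, CA_POLICIES))
```

On the sample data, a Security Defaults check alone reports MFA as not enforced, while the Conditional Access policies do enforce it with one exclusion left to review.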
What permissions does Control need and why?
Google
The permissions required for Google are displayed as part of the connection process.
We ask for the following permissions: https://www.googleapis.com/auth/userinfo.email
Microsoft
The permissions required for Microsoft are displayed as part of the connection process.
We ask for the following Read permissions to show you how you should configure your M365 environment to be best protected:
- offline_access
- User.Read.All
- UserAuthenticationMethod.Read.All
- Organization.Read.All
- Policy.Read.All
- ScopeAuditLog.Read.All
- Directory.Read.All
- ScopeMailboxSettings.Read.All
- SecurityEvents.Read.All
We additionally ask for User.ReadWrite.All.
This permission allows you to remove Coalition's access when you "disable an Integration" through the Control Dashboard.
AWS
We utilize a managed AWS policy called SecurityAudit. You can read more about this policy here: https://docs.aws.amazon.com/aws-managed-policy/latest/reference/SecurityAudit.html
This can be freely inspected as part of the creation process.
Google: Access to your Account Data is restricted by policies within your organization
Your Google Workspace may be configured to disallow third-party applications (such as Coalition Control).
First, verify that this is the issue:
- Go to your Google Workspace admin console, then click “security” in the left-hand menu, then “Access and data control”, then “API Controls”. In the main window on the right, click on “settings”. Alternatively, if you’re logged in, this link should take you to that exact page: https://admin.google.com/ac/owl/settings
- Click on “Unconfigured third-party apps”
- Is the selected setting “Don't allow users to access any third-party apps” or “Allow users to access third-party apps that only request basic info needed for Sign in with Google”?
If so, let's add Coalition Control as a trusted third-party application:
- Go back to “API Controls” (you can use the breadcrumbs at the top or use the left menu bar and click on “API Controls” again.)
- Click on “Manage Third Party App Access”
- Click “Add App”
- Select “OAuth App Name or Client ID”
- As Client ID, use 61449437929-vf8csdjsqj46oqcutaevt1rg0ge936pr.apps.googleusercontent.com. Alternatively, search for “Coalition Control”
- Select "Coalition Control" as the application
- Select “All Users”. Alternatively, we could configure this just for an org unit that contains the admin user, but this is unnecessary and does not provide an appreciable security benefit, so I’d just select “All Users”
- Select “Trusted” (you’ll still get a chance later to review what data Coalition Control will have access to before granting it!)
- “Continue” -> “Finish”