search

AppOmni Integration Using SSF

hashtag
Overview

Identity Intelligence can receive security events and signals from AppOmni using the Shared Signals Framework (SSF). This integration allows Identity Intelligence to ingest security telemetry from services monitored by AppOmni to enhance identity-based threat detection.

This document walks you through creating a long-lived OAuth token in AppOmni and configuring the AppOmni Receiver using Identity Intelligence.

hashtag
Requirements

The following requirements are necessary for the AppOmni SSF integration:

  • An AppOmni administrator account with access to Settings and API Settings

  • Access to your Cisco Identity Intelligence tenant with permissions to manage Integrations

  • The base URL for your AppOmni instance (for example, https://<your-appomni-tenant>)

hashtag
AppOmni Configuration Steps (Create a long-lived OAuth token)

  1. Sign in to your AppOmni instance.

  2. In the left navigation, expand Settings and select API Settings.

  3. On the API Settings page, click Add Application.

  4. In the Create new OAuth application dialog box, enter a Name and an optional Description.

  5. Follow the prompts on your screen to save the changes.

  6. In the API Settings table, select the application you just created to open its details.

  7. Open the Manage Tokens tab page.

  8. Click + OAuth Token.

  9. In the Manually Create OAuth Token dialog box:

    1. Enter a Description (for example, SSF token for CII)

    2. Set the Token Expiration date according to your security policy (for a long-lived token, select an appropriately long expiration).

    3. Click Submit. Copy the generated token immediately and store it securely. (The token cannot be viewed again after closing the dialog box.)

  10. In API Settings, select the application you just created to open its details.

  11. Open the Manage Tokens tab page.

  12. Click OAuth Token.

  13. In the Manually Create OAuth Token dialog box:

    1. Enter a Description (for example, SSF token for CII).

    2. Set the Token Expiration date according to your security policy (for a long-lived token, select an appropriately long expiration).

    3. Click Submit.

    4. Copy the generated token immediately and store it securely. (The token cannot be viewed again after you close the dialog box.)

hashtag
Add the AppOmni Receiver in Identity Intelligence

  1. Log in to your Cisco Identity Intelligence tenant as an administrator.

  2. Click Integrations.

  3. Scroll to the Shared Signals section.

  4. Locate the AppOmni Receiver card and click Add AppOmni Receiver.

  5. Enter the following information:

    1. Name and optional Description.

    2. AppOmni URL: The base URL of your AppOmni instance.

    3. Token: Paste the OAuth token you created earlier in AppOmni.

  6. Click Connect.

PreviousShared Signals Framework (SSF) and SSF ReceiversNextSlack

Last updated