Configure the Endpoint Security Plug-in for Kaseya VSA

You must configure the plug-in to access the Endpoint Security Management API in WatchGuard Cloud. This enables you to connect with WatchGuard Cloud and download your managed account data. You can then map your WatchGuard Cloud managed accounts with your existing Kaseya VSA customer accounts.

Enable API Access in WatchGuard Cloud

WatchGuard public APIs use the Open Authorization (OAuth) 2.0 authorization framework for token-based authentication. To use the Endpoint Security Management API, you must first enable API access in your WatchGuard Cloud account to retrieve the required parameters for your plug-in configuration. For more information, see Enable API Access in WatchGuard Cloud.

To enable API access in WatchGuard Cloud:

  1. Log in to WatchGuard Cloud.
    If you are a Service Provider, from Account Manager, select My Account or a managed account.
  2. Select Administration > Managed Access.
  3. Click Enable API Access.

Screen shot of the Enable API Access page in WatchGuard Cloud

  1. Specify the readwrite and readonly passwords to use as your API access credentials.

Screen shot of the Enable API Access password page in WatchGuard Cloud

Passwords must include an uppercase letter, a lowercase letter, a number, and a special character. The Read-write password and the Read-only password must be different.

You must use the Read-write Access ID and password for the plug-in configuration.

  1. Select the I agree to the terms and conditions in the WatchGuard APIs License Agreement check box.
  2. Click Save.

After you enable API access, parameters appear that you must specify in your plug-in configuration. You can see the parameters on the Administration > Managed Access page in WatchGuard Cloud.

Screen shot of the Administration > Managed Access page with API information in WatchGuard Cloud

The base URL varies by region. This example shows a US-based server.

Configure the Plug-in

You configure the Endpoint Security Plug-in for Kaseya VSA on the Connections page.

Screen shot of the Endpoint Security Plug-in for Kaseya VSA Connections page

To configure the WatchGuard Endpoint Security plug-in:

  1. Click the WatchGuard Endpoint Security icon in the left navigation pane.
    The Dashboard page opens by default.
  2. Click Allow to grant WatchGuard Endpoint Security access to your Kaseya account.

Screen shot of the consent page in the Kaseya VSA UI

  1. On the Connections page, configure the following parameters. We recommend you copy and paste the URLs to avoid errors.
    • Authentication API URL — Enter the URL to authenticate API access to WatchGuard Cloud. The Authentication API URL is case-sensitive. The base URL varies by region. For example, the US region URL is: https://api.usa.cloud.watchguard.com/oath/token
    • API URL — Enter the URL for API access to WatchGuard Cloud.
      The base URL varies by region. This example uses US-based servers.

      For WatchGuard Endpoint Security product customers, type this URL: https://api.usa.cloud.watchguard.com/rest/endpoint-security/management
      For Panda Aether platform customers, type this URL: https://api.usa.cloud.watchguard.com/rest/aether-endpoint-security/aether-mgmt
    • Account ID — Enter the WatchGuard Cloud Account ID of the managed account for which you want to make API requests. This must be the Account ID of a service provider or subscriber account that you manage in WatchGuard Cloud. To view your account ID, select Administration > My Account in WatchGuard Cloud.
    • Access ID — Enter the Access ID for Read-write API access to WatchGuard Cloud.
    • Access Password — Enter the password for the Read-write Access ID you specified for API access to WatchGuard Cloud.
    • Make sure you specify the Read-write Access ID and password for API access. The Read-only Access ID might cause errors when you use the plug-in.

    • API Key — Enter the API key associated with your WatchGuard Cloud account.
    • Devices protection status — Specify how often, in minutes, to connect to WatchGuard Cloud and update protection status data for devices.
    • Other information — Specify how often, in minutes, to connect to WatchGuard Cloud and update other information.

Test the Connection

To test the connection for WatchGuard Cloud API access, click Test.

If the connection is successful, the plug-in saves the configuration and enables you to continue to the client mapping process. For more information, see Map Kaseya VSA and WatchGuard Cloud Accounts.

If you configure the plug-in with a WatchGuard Cloud Service Provider account, the plug-in also retrieves all managed accounts of the Service Provider account. This process might take several seconds to retrieve account data from WatchGuard Cloud.

If the connection is not successful:

  • Make sure the Access ID for API access is enabled in WatchGuard Cloud.
  • Make sure the Access ID and password are for the correct WatchGuard Cloud Account ID.
  • Verify the API Key.
  • Make sure the Account ID is correct.
  • Check if the WatchGuard Cloud Account ID was removed or merged with another account.

Refresh Client Lists

To manually synchronize WatchGuard clients and Kaseya clients, click Refresh Client Lists.

Remove Plug-in Data

You can remove all data from the plug-in for the current user, including all customer account data and your WatchGuard Cloud API access information. You can also remove the plug-in from the Kaseya VSA UI. For more information, see Remove the Endpoint Security Plug-in for Kaseya VSA.

To remove all data from the plug-in:

  1. Click Remove Data.
    A confirmation message appears.
  2. To confirm that you want to remove all plug-in data, click Yes.
  3. If you want to restart and reconfigure the plug-in, close and restart Kaseya VSA.

See Also

Install the Endpoint Security Plug-in for Kaseya VSA

Managed Endpoints

Remove the Endpoint Security Plug-in for Kaseya VSA