You must configure the plug-in to access the Endpoint Security Management API in WatchGuard Cloud. This enables you to connect with WatchGuard Cloud and download your managed account data. You can then map your WatchGuard Cloud managed accounts with your existing Kaseya VSA customer accounts.
If a default configuration is enabled for your account, you inherit that configuration. If you want to change the configuration for your account only, make sure the Default configuration check box is clear when you save your configuration. If you change the configuration and the Default configuration check box is selected when the configuration is saved, the new configuration applies to all users that have the default configuration enabled.
Enable API Access in WatchGuard Cloud
WatchGuard public APIs use the Open Authorization (OAuth) 2.0 authorization framework for token-based authentication. To use the Endpoint Security Management API, you must first enable API access in your WatchGuard Cloud account to retrieve the required parameters for your plug-in configuration. For more information, see Enable API Access in WatchGuard Cloud.
To enable API access in WatchGuard Cloud:
- Log in to WatchGuard Cloud.
If you are a Service Provider, from Account Manager, select My Account or a managed account. - Select Administration > Managed Access.
- Click Enable API Access.
- Specify the readwrite and readonly passwords to use as your API access credentials.
Passwords must include an uppercase letter, a lowercase letter, a number, and a special character. The Read-write password and the Read-only password must be different.
You must use the Read-write Access ID and password for the plug-in configuration.
- Select the I agree to the terms and conditions in the WatchGuard APIs License Agreement check box.
- Click Save.
After you enable API access, parameters appear that you must specify in your plug-in configuration. You can see the parameters on the Administration > Managed Access page in WatchGuard Cloud.
The base URL varies by region. This example shows a US-based server.
Configure the Plug-in
You configure the Endpoint Security Plug-in for Kaseya VSA on the Connections page.
To configure the WatchGuard Endpoint Security plug-in:
- Click the WatchGuard Endpoint Security icon in the left navigation pane.
The Dashboard page opens by default. - Click Allow to grant WatchGuard Endpoint Security access to your Kaseya account.
- On the Connections page, configure the following parameters. We recommend you copy and paste the URLs to avoid errors.
- Authentication API URL — Enter the URL to authenticate API access to WatchGuard Cloud. The Authentication API URL is case-sensitive. The base URL varies by region. For example, the US region URL is: https://api.usa.cloud.watchguard.com/oauth/token
- API URL — Enter the URL for API access to WatchGuard Cloud.
The base URL varies by region. This example uses US-based servers. For WatchGuard Endpoint Security product customers, type this URL:
https://api.usa.cloud.watchguard.com/rest/endpoint-security/management - Account ID — Enter the WatchGuard Cloud Account ID of the managed account for which you want to make API requests. This must be the Account ID of a service provider or subscriber account that you manage in WatchGuard Cloud. To view your account ID, select Administration > My Account in WatchGuard Cloud.
- Access ID — Enter the Access ID for Read-write API access to WatchGuard Cloud.
- Access Password — Enter the password for the Read-write Access ID you specified for API access to WatchGuard Cloud.
- API Key — Enter the API key associated with your WatchGuard Cloud account.
- Default configuration — To apply configuration changes to your account only, make sure the Default configuration check box is clear. If the Default configuration check box is selected and changes are saved, the new configuration applies to all users who inherit the default configuration.
- Devices protection status — Specify how often, in minutes, to connect to WatchGuard Cloud and update protection status data for devices.
- Other information — Specify how often, in hours, to connect to WatchGuard Cloud and update other information.
Make sure you specify the Read-write Access ID and password for API access. The Read-only Access ID might cause errors when you use the plug-in.
Test the Connection
To test the connection for WatchGuard Cloud API access, click Test.
If the connection is successful, the plug-in saves the configuration and enables you to continue to the client mapping process. For more information, see Map Kaseya VSA and WatchGuard Cloud Accounts.
If you configure the plug-in with a WatchGuard Cloud Service Provider account, the plug-in also retrieves all managed accounts of the Service Provider account. This process might take several seconds to retrieve account data from WatchGuard Cloud.
If the connection is not successful:
- Make sure the Access ID for API access is enabled in WatchGuard Cloud.
- Make sure the Access ID and password are for the correct WatchGuard Cloud Account ID.
- Verify the API Key.
- Make sure the Account ID is correct.
- Check if the WatchGuard Cloud Account ID was removed or merged with another account.
Refresh Client Lists
To manually synchronize WatchGuard clients and Kaseya clients, click Refresh Client Lists.
Remove Plug-in Data
You can remove all data from the plug-in for the current user, including all customer account data and your WatchGuard Cloud API access information. You can also remove the plug-in from the Kaseya VSA UI. For more information, see Remove the Endpoint Security Plug-in for Kaseya VSA.
To remove all data from the plug-in:
- Click Remove Data.
A confirmation message appears. - To confirm that you want to remove all plug-in data, click Yes.
- If you want to restart and reconfigure the plug-in, close and restart Kaseya VSA.