Iru Configuration

Background

Twingate integrates with Iru so that admins can set it as a requirement to sign in to Twingate or access private Resources. When Iru is selected as a trust method within Device Security, it can be incorporated into Security Policies. Only macOS devices that are verified through the Iru integration will be considered to satisfy the Trusted Profile and be allowed to access private Resources.

How it works

Twingate integrates with Iru by using the Iru API to pull a list of devices managed under the configured tenant. The Twingate Client returns the device serial number and matches it to the list of serial numbers from Iru. Devices are considered Iru-verified if they meet the following requirements:

• Its serial number is returned by Iru
• Has reported to Iru within the past 7 days
• Has the Iru agent installed
• Has an MDM profile installed
• Has not been removed from Iru

Generate an API Key

• In the Iru web app, open Settings in the left panel
• Click on Access in the top bar
• Scroll down to API Token and select Add Token
• Type a Name and Description for your token
• Save your API token. You’ll need it later

Configure the API Token

• When the Manage API Permissions modal pops up, click on Configure
• Under Devices, select Device details and Device list

Configuring the Iru integration in Twingate

1. In Twingate, navigate to Settings and then select Device Integration

2. Select Connect next to Iru and input your Iru credentials.

Enter your Iru URL with the format <subdomain>.api.kandji.io or <subdomain>.api.eu.kandji.io

3. After the integration is configured, the Device Settings page will show the current status of the integration

Incorporating Iru into Security Policies

After the Iru integration has been set up, it can be configured into Device Security Trusted Profiles.

For macOS, create a Trusted Profile and require Iru as a Trust Method. Only devices considered Iru-verified will satisfy the requirements of this Trusted Profile. This Trusted Profile can now be incorporated into Security Policies.

Troubleshooting

After the Iru integration is set up, the Device Settings page will show the status as “Waiting to sync”. During this time, devices may be missing the correct Iru verification state. After a few minutes, the Device Integration page will show the most recent sync time, and devices will correctly show their state on their device details page.

A device can be listed as Iru not verified for the following reasons:

• The device is not managed by Iru
• The device has not reported back to Iru within the past 7 days
• The Iru agent has been uninstalled from the device
• The device does not have an MDM profile installed
• The device has been removed from Iru

In the case of a recoverable error (e.g. the Iru API is unresponsive), the Iru integration will show that it has failed to sync and indicate the time of the last successful sync. The Device Settings page will reflect the time of the last successful sync. When we are able to reach the Iru API, the errors will be resolved automatically.

In the case of an unrecoverable error (e.g. the Iru credentials are no longer valid, have been deleted, or the permissions have been altered), the Iru integration will stop attempting to connect. Admins will be notified via email that the Iru integration needs attention. For these errors, we recommend reconfiguring the integration and inputting new API client information.