--- title: CrowdStrike API Integration on Truto slug: crowdstrike category: Default canonical: "https://truto.one/integrations/detail/crowdstrike/" --- # CrowdStrike API Integration on Truto **Category:** Default **Status:** Generally available ## Unified APIs ### Unified User Directory API - **Roles** — The Role object represents a role of a User. - **Users** — The User object represents a User. ## How it works 1. **Link your customer's CrowdStrike account.** Use Truto's frontend SDK; we handle every OAuth and API key flow so you don't need to create the OAuth app. 2. **Authentication is automatic.** Truto refreshes tokens, stores credentials securely, and injects them into every API request. 3. **Call Truto's API to reach CrowdStrike.** The Proxy API is a 1-to-1 mapping of the CrowdStrike API. 4. **Get a unified response format.** Every response uses a single shape, with cursor-based pagination and data in the `result` field. ## Use cases - **Enrich user directories with endpoint security context** — SaaS companies can map users from their customers' identity providers to CrowdStrike device data, giving their product a unified view of who a user is and whether their endpoint is secure. This is essential for access management, compliance, and IT operations products. - **Automate compliance evidence collection across users and devices** — Compliance and audit SaaS products can pull user roles via Truto's Unified User Directory API and cross-reference them against CrowdStrike's device inventory to prove that high-privilege users have active EDR protection — eliminating manual spreadsheet audits for SOC 2 and similar frameworks. - **Enforce device-posture checks during authentication** — IAM and Zero Trust SaaS products can query a user's role and then check their device's security posture in CrowdStrike before granting access, blocking logins from compromised or non-compliant endpoints automatically. - **Trigger security workflows from employee lifecycle events** — HR and IT lifecycle platforms can detect user status changes (e.g., termination) via the Unified User Directory API and kick off downstream actions in CrowdStrike, such as flagging or containing the user's assigned device to prevent data exfiltration. ## What you can build - **User-to-device mapping dashboard** — Automatically correlate users and roles from your customer's directory with their assigned CrowdStrike-managed endpoints, giving a single pane of glass for identity-aware security posture. - **Continuous EDR coverage verification** — Cross-reference all users with privileged roles against CrowdStrike's device inventory to flag any employee who lacks an active, up-to-date Falcon agent on their machine. - **Role-based conditional access gates** — Use user role data from Truto's Unified User Directory API alongside CrowdStrike device health signals to enforce granular access policies — e.g., block admin-level users on non-compliant devices. - **Offboarding containment triggers** — Detect when a user's status changes to terminated in the directory and automatically surface or initiate the appropriate CrowdStrike network containment action for their assigned endpoint. - **Automated SOC 2 evidence export** — Generate audit-ready reports showing that every user with sensitive data access has a CrowdStrike-protected device, updated continuously without manual intervention. ## FAQs ### What Unified APIs does Truto support for CrowdStrike? Truto maps CrowdStrike to the Unified User Directory API, which provides standardized access to Users and Roles resources. Additional tools and endpoints can be built on request to cover CrowdStrike-specific capabilities like device inventory, detections, or containment actions. ### How does authentication work for CrowdStrike integrations via Truto? CrowdStrike Falcon uses OAuth 2.0 Client Credentials for API access. Your end users provide their CrowdStrike API Client ID and Client Secret (scoped to the permissions your integration requires), and Truto handles token management, refresh, and secure storage. ### Can I access CrowdStrike-specific data beyond the Unified User Directory API? Yes. Truto supports custom tools built on request. If you need access to CrowdStrike-specific endpoints like device inventory, Zero Trust Assessment scores, detection queries, or Real-Time Response, contact Truto to scope and build those integrations. ### How does Truto handle CrowdStrike's API rate limits? Truto manages rate limiting, pagination, and retries transparently. CrowdStrike enforces per-API rate limits that vary by endpoint and subscription tier. Truto automatically respects these limits so your integration doesn't get throttled or blocked. ### Which CrowdStrike cloud environments are supported? CrowdStrike operates region-specific cloud environments (US-1, US-2, EU-1, US-GOV-1). Your end users will need to specify their base URL or cloud region during connection setup so that API calls route to the correct Falcon instance. ### Do my end users need to configure anything in CrowdStrike? Yes. Your end users need to create an API client in their CrowdStrike Falcon console with the appropriate scopes (e.g., Read for Hosts, User Management). Truto provides guidance to make this setup straightforward for non-technical users.