Skip to main content

Configuring the integration

To configure the integration, you need to generate API keys for authentication. These authentication parameters are unique to ConnectWise members, granting them access to company resources. You can reuse the API key generated to enable the integration, but we strongly recommend that you create a new one.

You also need your GravityZone access URL and API key. These credentials will be used to link the ConnectWise PSA tenant to your GravityZone company.

For the initial setup, you must follow these steps:

  1. Generate the ConnectWise PSA App API keys.

  2. Generate the GravityZone API key.

  3. Register in ConnectWise PSA App.

  4. Provide the required credentials to create the integration.

  5. Configure the billing and ticketing services.

Generating the ConnectWise PSA API keys

To generate API keys, follow these steps:

  1. Log in to ConnectWise PSA.

  2. Go to System > Security Roles.

  3. Click New Item to create a Security Role and type a name in the Role ID field.

    Security_Roles.png
  4. Click Save.

  5. Edit the Security Role to add the following permissions:

    • Companies > Company Maintenance: Inquire level set to All

    • Finance > Agreements: Add Level, Edit Level and Inquire level set to All

      Notice

      This feature is unavailable for Basic Plan accounts.

    • Procurement > Products: Inquire level set to All

    • Procurement > Product Catalog: Inquire level set to All

    • Project > Project Ticket Tasks: Inquire level set to All

    • Project > Project Tickets: Inquire level set to All

    • Service Desk > Service Tickets: Add Level and Inquire level set to All

    • System > Table Setup (customize): Inquire Level set to All

      Notice

      Product Catalog is displayed as Product Entry in all versions prior to 2017.5.

    Security_Roles2.png
  6. Create an API Member as follows:

    • Go to System > Members.

    • Go to the API Members tab.

    • Click New Item to add a new entry.

    • Fill in the mandatory fields and assign the previously created Security Role.

    • Click Save to apply changes.

    Security_Roles3.png
  7. Go to the API Keys tab.

  8. Click New Item to add a new entry.

  9. Write down the name in the Description field.

  10. Click Save to generate public and private API keys.

    Security_Roles4.png

    Important

    The private key is only available the first time you create it. Please save it for later use when configuring the integration.

Generating the GravityZone API key

To obtain the GravityZone URL and API key, follow these steps:

  1. Log in to GravityZone Control Center using a partner account.

  2. Go to Welcome, (User) > My Account in the upper-right corner of the screen.

  3. Under Control Center API, copy the Access URL and paste it somewhere at hand.

  4. Back in GravityZone, under API Keys, select Add

  5. Enter a name for the new GravityZone API key and select the following categories:

    • Companies

    • Licensing

    • Network

    • Event Push Service API

    cw_psa_app_gz_api_key_p_582043_en.png
  6. Click Generate.

  7. On the new page, copy your API key and save it for later use when configuring the integration. After you close the window, the key will no longer be visible.

ConnectWise PSA App registration

To register in ConnectWise PSA App, follow these steps:

  1. Log in to Bitdefender GravityZone Control Center using your partner credentials.

  2. Point to your username in the upper-right corner of the console and choose Integrations. The Integrations page will show up.

  3. Click Add ConnectWise PSA integration link. You can alternatively access ConnectWise PSA App at https://cwpsa.psa.bitdefender.com.

    Notice

    As a partner with the GravityZone identity provider (IdP) service enabled, you will automatically log in into ConnectWise PSA App

    As a partner that already configured single sign-on with a 3rd party identity provider in GravityZone, you need to log in via your ConnectWise PSA credentials, or via your 3rd party identity provider. The 3rd party IdP must be configured in ConnectWise PSA App. For details, refer to Configuring ConnectWise PSA single sign-on with an identity provider.

  4. Enter the credentials obtained in the previous stage:

    • ConnectWise PSA URL

    • ConnectWise PSA PSA company ID

    • Public key

    • Private key

    cw_psa_app_first_login_p_1067434_en.png
  5. Click Login.

Note

After configuring single sign-on later on, you can log in to ConnectWise PSA App using an alias.

Initial configuration

After the initial login, you will be redirected to the Configuration wizard, where you can configure the integration for first time use. While the ConnectWise PSA configuration wizard is not finalized, all other menu options are disabled.

Integration

For the initial integration registration (or if the integration was reset), you need to add the necessary details to synchronize the ConnectWise PSA and GravityZone platforms.

cw_psa_app_01_integration_p_1067434_en.png

To configure the integration, follow these steps:

  1. Under GravityZone credentials, add the GravityZone URL and GravityZone API key.

  2. Under ConnectWise PSA credentials, add these details:

    • ConnectWise PSA address

    • ConnectWise PSA company ID

    • Public key

    • Private key

  3. Click Next.

Billing

On this page, select the default agreement type and product, as provided by the ConnectWise PSA platform, to enable Bitdefender to report the number of active protected endpoints for each managed company.

cw_psa_app_02_billing_p_1067434_en.png

To configure the billing settings, follow these steps:

  1. Under Finance, selected the default agreement type.

    Notice

    Mapping section offers the ability to select a specific agreement type or agreement, optionally. Mappings that do not specify a optional agreement, will use the default agreement type.

  2. For Covered agreements, select which additional agreement statuses should be taken into consideration for creating additions:

    • Active - it cannot be unchecked and it represents the default agreement type status with the highest priority

    • Expired

    • Inactive

    • Canceled

    Notice

    The priority order for covered agreements cannot be changed. For example, if no Active agreements are available and the Inactive status is checked, but Expired is unchecked, additions will be added to available agreements with Inactive status.

  3. Under Products, select the desired option available for Endpoint Security.

  4. Click Next.

Ticketing

On this page, select the notifications for which ConnectWise PSA service desk tickets should be created.

Tickets can be configured by:

  • Priority. All priority list items will be available for selection, as defined in your ConnectWise PSA Priority List:

    • Priority 1 - Emergency Response

    • Priority 2 - Quick Response

    • Priority 3 - Normal Response

    • Priority 4 - Scheduled Maintenance

    • Any custom defined priority.

  • Service Boards. All service board items will be available for selection, as defined in your ConnectWise PSA Service Board List.

    Notice

    Default Service Board represents the default service board available in your ConnectWise PSA. For other service boards, select the appropriate option from the drop-down menu.

  • Threat type. You can use one or both options:

    • Blocked threats - Bitdefender took action and stopped the detected threats.

    • Current threats - Bitdefender reported but did not take action on the detected threats.

To create ConnectWise PSA service tickets, the following options are available:

  1. Select to create PSA service desk tickets if no active agreement is available. Bitdefender generates these tickets for expired, inactive or canceled agreements of the selected agreement type, if enabled. The ConnectWise PSA service ticket will be generated on the corresponding ConnectWise PSA company every 4 hours, if no existing service ticket is already open, otherwise no new service ticket is generated.

    Note

    If the issue has been resolved and an available Agreement status is detected, the generated ConnectWise PSA service ticket will not be update automatically and needs to be closed by the The ConnectWise PSA user.

  2. Select the detection types for which you want to receive ConnectWise PSA service tickets:

    • Endpoint Detection and Response - Bitdefender detects a phishing event based on a new Root Cause Analysis (RCA) displayed in the Incidents section in GravityZone.

    • Antimalware - Bitdefender generates this event when detecting malware on endpoints.

    • Advanced Threat Control - Bitdefender detects and blocks potentially dangerous applications.

    • Advanced Anti-Exploit - Bitdefender detects zero-day and advanced persistent threat activities in real time.

    • Hyper Detect - Bitdefender detects advanced attacks and suspicious activities in the pre-execution stage.

    • Ransomware Detection - Bitdefender generates this event when blocking a ransomware attack.

    • Firewall - Bitdefender blocks a port scan or application from accesing the network, according to the applied policy.

    • Antiphishing - Bitdefender detects a phishing attempt when accessing a web page.

    • Network Attack Defense - Bitdefender detects network attacks designed to gain access on the endpoints.

    • Web Traffic Scan - Bitdefender blocks user activity such as web browsing, according to the applied policy.

    • Sandbox Analyzer - Bitdefender detects a new threat among the submitted files to Sandbox Analyzer.

      Note

      ConnectWise PSA service tickets that have a different status from Closed (resolved), will be updated with a new note if Bitdefender detects a new threat of the same type, on the same Bitdefender endpoint. Otherwise, a new ConnectWise PSA service ticket will be generated for each Bitdefender enabled detection.

  3. Click Next.

Finalize the configuration

On this page, review the settings and click Save configuration to create the integration. After this, all the integration pages become active.

If needed, click Back to make changes at previous steps.

cw_psa_app_04_finalize_p_1067434_en.png

Settings

After the initial configuration, you can access the Settings page to make any changes to the integration, referring to ConnectWise PSA App and GravityZone credentials, billing and ticketing services, your tenant, and single sign-on through your SAML 2.0 identity provider.

Notice

The Settings page will be fully accessible only after performing and finishing the initial integration setup.

Integration

On this page, you can edit the ConnectWise PSA App and GravityZone credentials provided with the initial configuration. For details, refer to this topic.

When done, click Save changes.

cw_psa_app_integration_p_582043_en.png

Configuration

This page contains two tabs for the billing and ticketing service settings.

Billing

In this tab, select the default agreement type and product, as provided by the ConnectWise PSA platform, to enable Bitdefender to report the number of active protected endpoints for each managed company. The settings are the same as during the initial configuration. For details, refer to this topic.

When done, click Save changes.

cw_psa_app_configuration_billing_p_582043_en.png

Ticketing

In this tab, select the notifications for which ConnectWise PSA service desk tickets should be created. The settings are the same as during the initial configuration. For details, refer to this topic.

When done, click Save changes.

cw_psa_app_configuration_ticketing_p_582043_en.png

System

This page contains two tabs for the tenant reset and authentication settings.

Tenant

If you need to reset the current integration in order to change the ConnectWise PSA tenant or the GravityZone company, use the Reset tenant option.

Warning

All data will be deleted, including settings and all integration details. After this action, you will have to reconfigure the entire ConnectWise PSA integration through the configuration wizard. 

cw_psa_app_system_tenant_p_582043_en.png

Authentication

To enable single sign-on (SSO) for ConnectWise PSA App, follow these steps:

  1. Click the single sign-on switch to activate it.

  2. Provide the alias and the metadata URL available with your preferred identity provider.

  3. Click Save changes.

For details on how to configure the identity provider and ConnectWise PSA App to use single sign-on, refer to Configuring ConnectWise PSA single sign-on with an identity provider.

After enabling SSO, you can log in to ConnectWise PSA App using the alias you specified.

To temporary disable the single sign-on service for your tenant, click the switch again to disable it. This will not remove your configured settings.

To permanently remove the  single sign-on service for your tenant and the configured settings, follow these steps:

  1. Make sure the single sign-on switch is active.

  2. Delete the alias and metadata URL.

  3. Click Save changes.

  4. Click Disable in the confirmation window.

cw_psa_app_system_authentication_p_582043_en.png