Cloudflare Docs
Cloudflare Zero Trust
Edit this page
Give us feedback
Set theme to dark (⇧+D)

Tanium

Cloudflare Zero Trust can integrate with Tanium to require that users connect to certain applications from managed devices. This service-to-service posture check uses the WARP client to read endpoint data from Tanium. Devices are identified by their serial numbers.

​​ Prerequisites

  • Either Tanium Cloud or on-premise installations of Tanium
  • Tanium agent is deployed on the device.
  • Cloudflare WARP client is deployed on the device. For a list of supported modes and operating systems, refer to Service providers.

​​ Set up Tanium as a service provider

​​ 1. Get Tanium settings

The following Tanium values are needed to set up the Tanium posture check:

  • Client Secret
  • Rest API URL

To retrieve those values:

  1. Log in to your Tanium instance.
  2. Go to Administration > API Tokens.
  3. Select New API Token.
  4. Set Expire in days to an appropriate value for your organization. When this token expires, all device posture results will begin to fail unless updated.
  5. Set Trusted IP addresses to 0.0.0.0/0.
  6. Select Save.
  7. Copy the Client Secret and API URL to a safe place.

​​ 2. Add Tanium as a service provider

  1. In Zero Trust, go to Settings > WARP Client.
  2. Scroll down to Device posture providers and select Add new.
  3. Select Tanium.
  4. Enter any name for the provider. This name will be used throughout the dashboard to reference this connection.
  5. Enter the Client Secret and Rest API URL you noted down above.
  6. Choose a Polling frequency for how often Cloudflare Zero Trust should query Tanium for information.
  7. Select Save.
You will see the new provider listed under Settings > WARP Client > Device posture providers. To ensure the values have been entered correctly, select Test.

​​ 3. Configure the posture check

  1. In Zero Trust, go to Settings > WARP Client > Service provider checks.
  2. Select Add new.
  3. Select the Tanium provider.
  4. Configure a device posture check and enter any name.
  5. Select Save.

Next, go to Logs > Posture and verify that the service provider posture check is returning the expected results.

​​ Device posture attributes

SelectorDescription
Total scoretotalScore of the device from Tanium’s EndpointRisk assessment