NinjaOne Integration

Connect your NinjaOne RMM platform to automatically collect asset inventory, patch status, software inventory, and hardware compliance data.

What Data Is Collected

NinjaOne provides critical evidence for asset management and patch compliance controls:

Assets & Endpoints

• Device Inventory - Complete list of endpoints (workstations, servers, network devices)
• Hardware Details - Make, model, serial number, warranty status
• Operating System - OS version, build number, edition
• Network Information - IP address, MAC address, hostname
• Asset Age - Purchase date, age, warranty expiration

Patch Management

• Patch Status - Missing patches, installed patches, pending updates
• Patch Compliance - Percentage of endpoints fully patched
• Critical Patches - High-priority security updates missing
• Patch History - Installation dates, success/failure status

Software Inventory

• Installed Software - Complete application list per endpoint
• Software Versions - Version numbers, publishers, install dates
• License Tracking - Software counts for license compliance
• Prohibited Software - Detection of unauthorized applications

Organizations & Activities

• NinjaOne Organizations - Auto-mapped to LanternOps customers
• Device Activities - Last seen, online/offline status
• Alerts - Security alerts, policy violations, system issues

Compliance Mapping

NinjaOne data automatically satisfies these compliance controls:

Compliance Framework	Controls Satisfied	Evidence Provided
CIS Controls v8.1	1.1, 1.2, 7.1, 7.2, 7.3	Asset inventory, software inventory, patch management
NIST CSF 2.0	ID.AM-1, ID.AM-2, PR.IP-12	Physical device inventory, software platform inventory, vulnerability remediation
CMMC Level 2	AC.1.001, SI.1.210, SI.1.211	Authorized devices, flaw remediation, update installation
HIPAA Security Rule	164.308(a)(5)(ii)(B)	Protection from malicious software through patching
SOC 2	CC6.1, CC7.1	Logical access controls, system operations monitoring

Example: CIS Control 1.1

Control Requirement:

“Establish and maintain detailed enterprise asset inventory”

NinjaOne Evidence:

✅ 147 endpoints discovered via NinjaOne API
✅ Last Sync: 2 hours ago
✅ Asset Details Collected:
   - Make: Dell, HP, Lenovo
   - Model: OptiPlex 7090, EliteBook 850
   - OS: Windows 10 Pro (124), Windows 11 Pro (18), Server 2019 (5)
   - Age: Average 2.3 years
   - Warranty: 89% under active warranty
✅ Network Coverage: 100% of production network

Status: SATISFIED (95% confidence)

Setup Instructions

Step 1: Create NinjaOne API Credentials

Option A: OAuth 2.0 (Recommended)

1. Log in to NinjaOne Dashboard
2. Navigate to Administration → Apps → API
3. Click Add to create new OAuth application
4. Configure application:
   • Name: “LanternOps Integration”
   • Redirect URI: https://app.lanternops.com/integrations/ninja/callback
   • Scopes: Select all read permissions:
     • monitoring (read devices and alerts)
     • management (read organizations)
     • offline_access (refresh tokens)
5. Click Create
6. Copy Client ID and Client Secret (you’ll need these)

Option B: API Key (Legacy)

1. Log in to NinjaOne Dashboard
2. Navigate to Administration → Apps → API
3. Click Generate API Key
4. Copy API Key immediately (won’t be shown again)

Step 2: Configure LanternOps Integration

1. Log in to LanternOps
2. Navigate to Integrations → NinjaOne
3. Click Configure Integration
4. Enter credentials:

For OAuth 2.0:

• Authentication Type: OAuth 2.0
• Client ID: [Paste from Step 1]
• Client Secret: [Paste from Step 1]
• Name: “Primary NinjaOne”

For API Key:

• Authentication Type: API Key
• API Key: [Paste from Step 1]
• Name: “Primary NinjaOne”

5. Click Save & Test Connection
6. For OAuth: Click Authorize and grant permissions in popup window
7. Verify “Connection Successful” message

Step 3: Configure Sync Settings

Default Settings (Recommended):

• Sync Enabled: ON
• Sync Frequency: Every 4 hours
• Days Back: 30 (for historical metrics)

Advanced Options:

• Customer Mapping: Automatic (uses fuzzy name matching)
• Sync Filters: All organizations (or select specific ones)

Click Save Settings

Step 4: Run Initial Sync

1. Click Sync Now button
2. First sync takes 15-30 minutes (imports all historical data)
3. Monitor progress in ETL Health Dashboard (/platform/etl/)
4. Verify data appears:
   • Navigate to Assets → Endpoints
   • Should see all NinjaOne devices listed
   • Check patch status and software inventory tabs

Customer Mapping

LanternOps automatically maps NinjaOne organizations to your customers.

Automatic Mapping

Matching Strategies (in order):

1. Exact Name Match

   • NinjaOne Org: “Acme Corporation”
   • LanternOps Customer: “Acme Corporation”
   • Result: ✅ Auto-matched (100% confidence)

2. Fuzzy Name Match

   • NinjaOne Org: “Acme Corp”
   • LanternOps Customer: “Acme Corporation”
   • Result: ✅ Auto-matched (85% confidence)

3. Domain Match

   • NinjaOne Contact Email: “[email protected]”
   • LanternOps Customer Domain: “acme.com”
   • Result: ✅ Auto-matched (80% confidence)

Success Rate: >80% of organizations auto-match successfully

Manual Mapping

If auto-match fails:

1. Navigate to Integrations → NinjaOne → Customer Mapping
2. View unmapped organizations
3. Click Map to Customer for each unmapped org
4. Select correct LanternOps customer from dropdown
5. Click Save Mapping

Best Practice: Review mapping after first sync to catch any mismatches

Sync Schedule

Default Frequency: Every 4 hours

Sync Times (24-hour cycle):

• 12:00 AM
• 4:00 AM
• 8:00 AM
• 12:00 PM
• 4:00 PM
• 8:00 PM

What Gets Synced Each Cycle:

Data Type	Sync Method	Records Updated
Devices	Incremental	Only new/changed devices
Organizations	Full	All organizations (lightweight)
Activities	Incremental	Last 30 days only
Alerts	Incremental	Active alerts only
Software	Incremental	Only devices with software changes
Patches	Incremental	Only devices with new patch data

First Sync vs. Subsequent Syncs:

• First Sync: 15-30 minutes (full historical import)
• Incremental Sync: 5-10 minutes (only changes)

Monitoring & Troubleshooting

Check Sync Health

Navigate to ETL Health Dashboard (/platform/etl/):

Healthy Sync Indicators:

• 🟢 Status: Healthy
• ✅ Failure Rate: <5%
• ⏱️ Last Sync: Within last 4 hours
• 📊 Records Synced: >0 devices per sync

Warning Signs:

• 🟡 Failure Rate: 5-15%
• ⚠️ Last Sync: >6 hours ago
• 📊 Records Synced: 0 devices (possible config issue)

Common Issues

”Authentication Failed” Error

Cause: Invalid or expired credentials

Solution:

1. Verify API key is correct (copy/paste from NinjaOne)
2. For OAuth: Check if token expired - click Re-authorize
3. Check NinjaOne API key hasn’t been rotated/revoked
4. Ensure API key has required permissions:
   • monitoring:read
   • management:read
   • offline_access (for OAuth)

“No Devices Found” After Sync

Cause: Incorrect organization scope or API permissions

Solution:

1. Check Customer Mapping - ensure organizations are mapped
2. Verify API key has access to all organizations in NinjaOne
3. Check NinjaOne → Administration → API → Permissions
4. Try manual sync: Integrations → NinjaOne → Sync Now

”Rate Limit Exceeded” Error

Cause: Too many API requests in short period

Solution:

• Automatic recovery: ETL system retries after 15 minutes
• If persistent: Contact NinjaOne support to increase API rate limits
• Workaround: Reduce sync frequency to every 6 hours

”Customer Auto-Mapping Failed”

Cause: NinjaOne organization names don’t match LanternOps customers

Solution:

1. Use Manual Mapping feature (see above)
2. Navigate to Integrations → NinjaOne → Customer Mapping
3. Map each unmapped organization manually
4. Best Practice: Use consistent naming between NinjaOne and LanternOps

”Partial Sync - Missing Software/Patches”

Cause: NinjaOne API pagination issue or timeout

Solution:

1. Check ETL Health Dashboard for specific error
2. Try manual sync: Sync Now
3. Increase timeout setting: Integrations → NinjaOne → Advanced Settings → Timeout: 600 seconds
4. If persistent, contact LanternOps support

Verify Data Accuracy

After first sync, verify:

1. Asset Count Matches

   • NinjaOne Dashboard: Count total devices
   • LanternOps: Navigate to Assets → Endpoints
   • Counts should match within 5% (some devices may be filtered)

2. Customer Mapping Correct

   • Review Customer Mapping page
   • Ensure all organizations mapped to correct customers
   • Check for duplicates or mismatches

3. Patch Data Present

   • Select any endpoint in Assets
   • Check Patches tab
   • Should see list of installed/missing patches

4. Software Inventory Populated

   • Select any endpoint in Assets
   • Check Software tab
   • Should see list of installed applications

Business Value

Time Savings

Manual Asset Inventory:

• 8 hours to compile spreadsheet manually
• Outdated by the time audit happens
• No proof of current state

NinjaOne Integration:

• 5 minutes to generate asset report
• Always current (syncs every 4 hours)
• Audit-ready documentation

Quarterly Savings: 8 hours × $150/hr = $1,200

Compliance Value

Frameworks Covered:

• CIS Controls (5 controls satisfied)
• NIST CSF (3 controls satisfied)
• CMMC Level 2 (3 controls satisfied)

Audit Package Includes:

• Complete asset inventory (CIS 1.1)
• Software inventory (CIS 1.2)
• Patch compliance report (CIS 7.1)
• Hardware age/warranty status
• Evidence timestamp (proves current state)

Revenue Opportunities

NinjaOne data powers automatic opportunity detection:

Hardware Refresh Detection:

• Finds devices >5 years old
• Calculates refresh cost
• Generates sales pitch: “$45,000 hardware refresh project for 23 outdated workstations”

Patch Compliance Gaps:

• Identifies endpoints <80% patched
• Recommends enhanced patch management service
• Upsell opportunity: “$500/month premium patch management”

Software Licensing:

• Detects unlicensed software
• Calculates compliance risk
• Upsell: “$3,000 software audit and licensing cleanup”

Average Revenue Found: $3,000-$5,000 per customer

Best Practices

Setup

• ✅ Use OAuth 2.0 authentication (more secure, auto-refreshes)
• ✅ Enable all required scopes (monitoring, management, offline_access)
• ✅ Use consistent naming between NinjaOne orgs and LanternOps customers
• ✅ Test sync with one customer first before enabling all

Ongoing Maintenance

• ✅ Review ETL Health Dashboard weekly
• ✅ Check customer mapping monthly for new orgs
• ✅ Monitor failure rate (should be <5%)
• ✅ Rotate API credentials every 90 days

Security

• ✅ Credentials are encrypted at rest (AES-256)
• ✅ Never shared across MSP tenants
• ✅ Use read-only API permissions (LanternOps never writes to NinjaOne)
• ✅ Enable API key expiration in NinjaOne (90-day rotation)

Performance

• ✅ Keep sync frequency at 4 hours (balances freshness and API limits)
• ✅ First sync during off-hours (takes 15-30 minutes)
• ✅ Monitor records synced to detect issues early

API Permissions Required

Minimum Scopes (OAuth 2.0)

monitoring:read       - Read devices, alerts, activities
management:read       - Read organizations, policies
offline_access        - Refresh tokens automatically

Minimum Permissions (API Key)

• Devices: Read
• Organizations: Read
• Software Inventory: Read
• Patch Management: Read
• Activities: Read
• Alerts: Read

Important: API key must have all organizations access, not just specific ones.

Next Steps

1. Verify First Sync

   • Check Assets → Endpoints for devices
   • Review Customer Mapping
   • Confirm patch and software data present

2. Add Security Integration

   • Complement NinjaOne with EDR tool
   • Huntress Setup Guide

3. Generate First Audit Package

   • Navigate to Compliance → Audit Packages
   • Select framework (e.g., CIS Controls)
   • See NinjaOne evidence automatically included

4. Monitor Integration Health

   • Bookmark ETL Health Dashboard
   • Check weekly for sync issues
   • ETL Monitoring Guide

Questions?

• What if devices aren’t syncing?
• How do I fix customer mapping issues?
• Why is my sync failing?
• Contact Support