Connect 42Gears SureMDM
Elisity supports API connectivity to 42Gears SureMDM as a method to enrich OT and managed endpoint device discovery and identity. This enables asset data from SureMDM to be imported into IdentityGraph for all assets that appear on your Elisity-secured network. Asset classification improves for managed endpoints such as HMIs, engineering workstations, operator workstations, and virtualized PLCs.
Prerequisites
Before configuring the 42Gears SureMDM connector, gather the following credentials from your SureMDM console:
- SureMDM API URL (e.g.,
https://yourorg.suremdm.io) - API Key
- Username (with API access permissions)
- Password (Secret)
The account used for API access must have sufficient permissions to query device inventory in the 42Gears SureMDM console. Please review the 42Gears SureMDM documentation for details on user roles and API access.
Steps to Connect 42Gears SureMDM
Step 1. Log in to the 42Gears SureMDM console at https://yourorg.suremdm.io. Navigate to Account Settings > API Settings to generate or retrieve your API Key for Elisity integration.
Step 2. Log in to Elisity Cloud Control Center. Navigate to Settings > IdentityGraph > Connectors and click + ADD CONNECTOR.
Step 3. Locate the 42Gears SureMDM tile in the connector catalog and click Configure.
Step 4. Enter the following configuration parameters:
| Parameter | Description |
|---|---|
| Connector Name | A descriptive name for this connector instance (for example, SureMDM-Production) |
| URL | The SureMDM console URL for your organization (for example, https://yourorg.suremdm.io) |
| API Key | The API Key generated from the SureMDM console in Step 1 |
| Username | The SureMDM API username with access to the console |
| Secret | The password associated with the SureMDM API username |
Click Save to create the connector. CCC initiates the first synchronization automatically.
Cloud Control Center authenticates to 42Gears SureMDM using Basic Authentication with the API Key passed in the request header.
Step 5 (optional). Configure advanced settings for the connector. The Advanced Settings panel is accessible from the connector detail view. See the Advanced Settings section below for details on each option.
Step 6. After submitting the configuration, verify that the 42Gears SureMDM connector appears in your connectors list with an Active status.
Advanced Settings
The Advanced Settings tab exposes connector-level tuning options that control how Cloud Control Center queries the connector, how learned data is retained, and how the connector's data is used by IdentityGraph and Insights.
The following chart provides details about each advanced setting.
| Setting | Description |
|---|---|
| Global Timer | The frequency at which Cloud Control Center queries the connector for updates. From 1 to 168 hours. Default is 24 hours. |
| Initial Delay | The delay in seconds before Cloud Control Center initiates the first query to the connector after initially discovering a new device. Default is 180 seconds. |
| Connector Data Purging | When enabled, Cloud Control Center purges all data learned about a device from this connector if the device is no longer found when querying the connected application. The time period between purge events is configurable from 1 to 90 days. The connector status will change from "Up to Date" to "Stale" if the device is no longer known by the connector but prior to the purge event. |
| IP Only Based Lookup | Enables fallback behavior to query by IP address when a query by MAC address does not return a result. |
| Query Exclusion Rules | Limit the scope of Cloud Control Center queries by excluding specific Subnets or Virtual Edge Nodes, and by enabling or disabling the querying of devices with Random MAC addresses. |
| Enrichment Lookback Window | Defines how far back IdentityGraph looks for device activity when determining a device's eligibility for enrichment from this connector. Devices whose last seen timestamp falls within the configured window are eligible for enrichment; devices outside the window are not. Increasing this value may improve enrichment coverage for environments with infrequently connected devices (servers, OT systems, remote assets) but can increase processing load. Available values: 1 hour, 1 day, 3 days (default), 7 days, 30 days, 90 days. |
| Trusted Connector |
Controls whether Insights uses data from this connector when generating recommended Policy Groups. When enabled, device attributes from this connector are eligible to inform Insights' Policy Group recommendations. When disabled, Insights ignores this connector as a source for recommendations. Note: This setting only affects Insights recommendations — it does not change device verification status, trust attributes, or how the connector's data is used elsewhere in the platform. |
Connector Status
The connector status reflects the health and availability of the 42Gears SureMDM connection based on recent query performance. To ensure accuracy and reduce false positives, the status is determined using a rolling 15-minute evaluation window.
Connector status levels:
- Active — Normal operation with minimal query failures.
- Degraded — Increased query failures detected, but the connector is still operational.
- Inactive — The connector is unresponsive due to persistent failures.
Failures represent unsuccessful query responses from the SureMDM API. Cloud Control Center continuously monitors connector health, and the current status is visible in the Connectors list, event logs, and the notifications pane. Email alerts for status changes can be configured in notification settings.
If the connector has not been queried within the evaluation window, the last known status is retained.
Leveraging 42Gears SureMDM with Elisity
When Elisity discovers a new asset on the network and the 42Gears SureMDM connector is active, Cloud Control Center queries the SureMDM API for additional device attributes. These attributes enrich the device record in IdentityGraph with posture, compliance, and operational data from SureMDM.
Enriched data from SureMDM is displayed in the IdentityGraph tab of the device view. This data can be used in Policy Group definitions to build dynamic match criteria from SureMDM attributes — connection status, enrollment state, antivirus status, device group path, and others.
Some SureMDM attributes map directly to Elisity Core Effective Attributes (CEA) and populate the device's core identity fields. For the full attribute mapping, see 42Gears SureMDM Classification Details.
Trust Attribute
If a device discovered by Elisity is also known in 42Gears SureMDM, the Trust Attribute flag for Known in 42Gears SureMDM is set to Yes. This Trust Attribute can be used as match criteria in Policy Group definitions to apply policies specifically to devices managed by SureMDM.
The Trust Attribute Known in 42Gears SureMDM is visible in the device detail view under Trust Attributes.