Home Integrations Catalog Elements Connector APIs

NinjaOne RMM Integration

Deploy WithSecure™ Elements agents automatically using NinjaOne RMM automation scripts and policies.

NinjaOne RMM Integration BETA

This integration allows MSP partners to automate WithSecure™ Elements agent installations for new devices and new customer organizations. After a one-time configuration, every new device added to NinjaOne will automatically receive the WithSecure Elements Agent and be protected — no manual intervention required.

This guide covers three parts:

  1. Enable the NinjaOne RMM integration from WithSecure™ Elements Security Center.
  2. Map companies between NinjaOne and WithSecure™ Elements.
  3. Configure automated agent deployment in your NinjaOne account by adding automation scripts and updating agent policies.

Part 1: Enable NinjaOne RMM Integration from WithSecure Elements

Connect your NinjaOne account to WithSecure™ Elements Security Center.

  1. Log in to WithSecure™ Elements Security Center.
  2. Go to the Management > Integrations section.
  3. Select NinjaOne and click Configure.
  4. Fill in your NinjaOne API credentials. You can obtain these from your NinjaOne account.
  5. Click Connect and then Save.

Part 2: Company Mapping

Map your NinjaOne organizations to WithSecure™ Elements organizations.

  1. Navigate to the Management > Integrations section.
  2. On the NinjaOne integration card, click Company mapping.
  3. From the Company mapping table, map your NinjaOne organizations to Elements organizations.

Part 3: Configure Automated WithSecure Agent Deployment in NinjaOne

This is a one-time configuration in your NinjaOne account that enables automated WithSecure agent deployment across your managed devices. Once complete, the agent policies will continuously monitor devices and deploy the WithSecure Elements Agent whenever it is missing.

The setup involves three steps:

  1. Add the monitor script that detects whether the WithSecure agent is installed
  2. Add the deployment script that installs the agent
  3. Update Windows agent policies to add a condition that triggers monitoring and automated remediation

1. Add the Monitor Script

1.1 Navigate to Automation

  1. Log in to NinjaOne with access to the partner account.
  2. Go to Administration > Library > Automation.

1.2 Create the Script

  1. Select Add automation > Script.
  2. Set a descriptive name (e.g., monitor-withsecure-agent-win).
  3. Select Windows as the system.
  4. Select PowerShell as the language.
  5. Set architecture to All.
  6. Copy the script contents below into the script editor.
monitor-withsecure-agent-win.ps1
$scriptVersion = "2.1"
Set-StrictMode -Version Latest
$ErrorActionPreference = "Stop"

$withsecure_enabled = Ninja-Property-Get withsecureenabled

function PrintScriptVersion()
{
    Write-Host "Script version $scriptVersion"
}

function WriteAlertAndExit($alertText)
{
    Write-Host "<-Start Result->`nWithSecure_Monitoring_Result=$alertText`n<-End Result->"
    exit 1
}

function CheckProductInstalled()
{
    $registryPath = "HKLM:\SOFTWARE\WOW6432Node\F-Secure\OneClient"
    $registryKey = Get-ItemProperty -Path $registryPath -ErrorAction SilentlyContinue
    if (($registryKey -ne $null) -and ($registryKey.Version -ne $null))
    {
        return $true
    }

    $registryPath = "HKLM:\SOFTWARE\F-Secure\OneClient"
    $registryKey = Get-ItemProperty -Path $registryPath -ErrorAction SilentlyContinue
    if (($registryKey -ne $null) -and ($registryKey.Version -ne $null))
    {
        return $true
    }

    return $false
}

function PerformChecks()
{
    if (-not (CheckProductInstalled))
    {
        WriteAlertAndExit "WithSecure Elements Agent is not installed"
    }
}

PrintScriptVersion

try
{
    if ($withsecure_enabled -ne 1)
    {
        Write-Host "WithSecure disabled for the organization. No actions required."
    }
    else
    {
        PerformChecks
        Write-Host 'All checks have passed'
    }
}
catch
{
    WriteAlertAndExit $_.Exception.Message
}
  1. Save the script and close the script window.

2. Add the Deployment Script

2.1 Navigate to Automation

  1. Go to Administration > Library > Automation.

2.2 Create the Script

  1. Select Add automation > Script.
  2. Set a descriptive name (e.g., deploy-withsecure-agent-win).
  3. Select Windows as the system.
  4. Select PowerShell as the language.
  5. Set architecture to All.
  6. Copy the script contents below into the script editor.
deploy-withsecure-agent-win.ps1
$scriptVersion = "2.1"
Set-StrictMode -Version Latest
$ErrorActionPreference = "Stop"

function PrintScriptVersion()
{
    Write-Host "Script version $scriptVersion"
}

function WriteAlertAndExit($alertText)
{
    Write-Host "<-Start Result->`nWithSecure_Installation_Result=$alertText`n<-End Result->"
    exit 1
}

function GetVariable($variableName, $defaultValue)
{
    $variableValue = [Environment]::GetEnvironmentVariable($variableName, "Process")
    Write-Host "Variable $variableName value: $variableValue;"
    if ($variableValue -eq $null)
    {
        $variableValue = $defaultValue
    }

    return $variableValue
}

function GetFailureReason([int]$exitCode)
{
    switch ($exitCode)
    {
        0 { return "Success" }
        1 { return "Failed" }
        2 { return "Cancelled" }
        3 { return "Integrity check failed" }
        4 { return "MSI service is busy" }
        5 { return "Out of disk space" }
        6 { return "MSI interface version is not compatible (installer is too old)" }
        7 { return "Failed to install Universal CRT" }
        8 { return "Failed to install .NET framework" }
        9 { return "Invalid sidegrade package" }
        10 { return "Sidegrade failed" }
        11 { return "Key code is missing" }
        12 { return "Temporary error. Try again." }
        99 { return "Pending reboot" }
        100 { return "Installation pending" }
        101 { return "Installation succeeded, but reboot is required" }
    }
}

function InvokeExe($exePath, $parameters)
{
    Write-Host "filePath: $exePath"
    Write-Host "parameters: $parameters"
    $process = Start-Process -FilePath $exePath -ArgumentList $parameters -PassThru -Wait
    if ($($process.ExitCode -ne 0) -and $($process.ExitCode -ne 100))
    {
        WriteAlertAndExit "Installation failed. ExitCode: $($process.ExitCode). Reason: $(GetFailureReason $process.ExitCode)"
    }
}

function GetTempFolder()
{
    $commonAppData = [Environment]::GetFolderPath("CommonApplicationData")
    return Join-Path -Path $commonAppData -ChildPath "WithSecure\temp"
}

PrintScriptVersion

try
{
    # Detect Windows product type: 1 = Workstation, 2 = Domain Controller, 3 = Server
    $productType = (Get-CimInstance -ClassName Win32_OperatingSystem).ProductType
    Write-Host "Detected Windows ProductType: $productType"

    if ($productType -eq 1)
    {
        Write-Host "Windows Workstation detected, using WS_LICENSE_WIN_WORKSTATION"
        $licenseKeyCode = Ninja-Property-Get wslicensewinworkstation
        if (!$licenseKeyCode)
        {
            WriteAlertAndExit "WS_LICENSE_WIN_WORKSTATION custom field is not defined"
        }
    }
    else
    {
        Write-Host "Windows Server detected, using WS_LICENSE_WIN_SERVER"
        $licenseKeyCode = Ninja-Property-Get wslicensewinserver
        if (!$licenseKeyCode)
        {
            WriteAlertAndExit "WS_LICENSE_WIN_SERVER custom field is not defined"
        }
    }

    $tempFolder = GetTempFolder
    New-Item -ItemType Directory -Force -Path $tempFolder | Out-Null

    $installerLocalPath = Join-Path -Path $tempFolder -ChildPath "networkinstaller.exe"
    $webClient = New-Object System.Net.WebClient
    Write-Host "installerLocalPath: $installerLocalPath"

    $withSecureEnv = GetVariable "WITHSECURE_ENV"
    if ($withSecureEnv -eq "CI")
    {
        $installerUrl = "https://artifactory.internalsecure.com/artifactory/cta-generic-dev-local/oneclient/latest/psb/oneclient-PSB-blue.exe"
    }
    elseif ($withSecureEnv -eq "STG")
    {
        $installerUrl = "https://download.withsecure.com/TP/PSB-Live/latest/ElementsAgentInstaller.exe"
    }
    else
    {
        $installerUrl = "https://download.withsecure.com/PSB/latest/ElementsAgentInstaller.exe"
    }
    $webClient.DownloadFile($installerUrl, $installerLocalPath)
}
catch
{
    Write-Host $_.Exception.ToString()
    throw $_.Exception
}

InvokeExe $installerLocalPath "--silent --voucher $licenseKeyCode"

Write-Host "Installation successfully completed"
  1. Save the script and close the script window.

3. Update Agent Policies to Add Monitoring and Automated Deployment

3.1 Navigate to Agent Policies

  1. Go to Administration > Policies > Agent policies.
  2. Open the Windows Server or Windows Workstation policy you want to update (create them if they do not exist yet).

Repeat the steps below for both the Server and Workstation policies.

3.2 Add a Script Result Condition

  1. Click Add condition.
  2. Select Script result condition as the type.
  3. Set the Evaluation script to the WithSecure Agent monitoring script created in Step 1.
  4. Set Run every to 30 minutes (or an interval that suits your environment).
  5. Set Timeout to 2 minutes.
  6. Set Result Code equal to 1.
  7. Set With Output to Contains WithSecure Elements Agent is not installed.
  8. Click Apply to confirm the condition settings.

3.3 Configure Auto-Reset and Automated Response

  1. Set Auto-reset to After 3 minutes.
  2. In the Automations list, add the WithSecure Agent deployment script created in Step 2.
  3. Leave all other field values at their defaults.
  4. Click Add to save the condition.

3.4 Enable and Save the Policy

  1. Review the full policy configuration.
  2. Ensure the newly created condition is enabled.
  3. Save the policy.