---
title: Create an entity context sync configuration
description: Datadog, the leading service for cloud-scale monitoring.
breadcrumbs: Docs > API Reference > Security Monitoring
---

> For the complete documentation index, see [llms.txt](https://docs.datadoghq.com/llms.txt).

# Create an entity context sync configuration{% #create-an-entity-context-sync-configuration %}
Copy pageCopied
{% tab title="v2" %}
**Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).
| Datadog site      | API endpoint                                                                                   |
| ----------------- | ---------------------------------------------------------------------------------------------- |
| ap1.datadoghq.com | POST https://api.ap1.datadoghq.com/api/v2/security_monitoring/configuration/integration_config |
| ap2.datadoghq.com | POST https://api.ap2.datadoghq.com/api/v2/security_monitoring/configuration/integration_config |
| app.datadoghq.eu  | POST https://api.datadoghq.eu/api/v2/security_monitoring/configuration/integration_config      |
| app.ddog-gov.com  | POST https://api.ddog-gov.com/api/v2/security_monitoring/configuration/integration_config      |
| us2.ddog-gov.com  | POST https://api.us2.ddog-gov.com/api/v2/security_monitoring/configuration/integration_config  |
| uk1.datadoghq.com | POST https://api.uk1.datadoghq.com/api/v2/security_monitoring/configuration/integration_config |
| app.datadoghq.com | POST https://api.datadoghq.com/api/v2/security_monitoring/configuration/integration_config     |
| us3.datadoghq.com | POST https://api.us3.datadoghq.com/api/v2/security_monitoring/configuration/integration_config |
| us5.datadoghq.com | POST https://api.us5.datadoghq.com/api/v2/security_monitoring/configuration/integration_config |

### Overview

Create a new entity context sync configuration so Cloud SIEM can ingest entities from an external source. The credentials provided in `secrets` are validated against the source before the configuration is stored and never returned in subsequent responses. This endpoint requires the `manage_integrations` permission.

OAuth apps require the `manage_integrations` authorization [scope](https://docs.datadoghq.com/api/latest/scopes.md#security-monitoring) to access this endpoint.



### Request

#### Body Data (required)

The definition of the new integration configuration.

{% tab title="Model" %}

| Parent field | Field                              | Type   | Description                                                                                                                                                                                                                                          |
| ------------ | ---------------------------------- | ------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|              | data [*required*]             | object | The entity context sync configuration to create.                                                                                                                                                                                                     |
| data         | attributes [*required*]       | object | The attributes of the entity context sync configuration to create.                                                                                                                                                                                   |
| attributes   | domain [*required*]           | string | The domain associated with the external entity source.                                                                                                                                                                                               |
| attributes   | integration_type [*required*] | enum   | The type of external source that provides entities to Cloud SIEM. Allowed enum values: `GOOGLE_WORKSPACE,OKTA,ENTRA_ID`                                                                                                                              |
| attributes   | name [*required*]             | string | The display name for the entity context sync configuration.                                                                                                                                                                                          |
| attributes   | secrets                            | object | The secrets used to authenticate against the external entity source. The accepted keys depend on the source type (for example, `admin_email` for Google Workspace). Not required for source types that do not use secrets (for example, `ENTRA_ID`). |
| attributes   | settings                           | object | Free-form, non-sensitive settings for the entity context sync. The accepted keys depend on the source type.                                                                                                                                          |
| data         | type [*required*]             | enum   | The type of the resource. The value should always be `integration_config`. Allowed enum values: `integration_config`                                                                                                                                 |

{% /tab %}

{% tab title="Example" %}

```json
{
  "data": {
    "attributes": {
      "domain": "siem-test.com",
      "integration_type": "GOOGLE_WORKSPACE",
      "name": "My GWS Integration",
      "secrets": {
        "admin_email": "test@example.com"
      },
      "settings": {
        "setting1": "value1"
      }
    },
    "type": "integration_config"
  }
}
```

{% /tab %}

### Response

{% tab title="200" %}
OK
{% tab title="Model" %}
Response containing a single entity context sync configuration.

| Parent field | Field                              | Type      | Description                                                                                                             |
| ------------ | ---------------------------------- | --------- | ----------------------------------------------------------------------------------------------------------------------- |
|              | data [*required*]             | object    | An entity context sync configuration.                                                                                   |
| data         | attributes [*required*]       | object    | The attributes of an entity context sync configuration as returned by the API.                                          |
| attributes   | created_at                         | date-time | The time at which the entity context sync configuration was created.                                                    |
| attributes   | domain [*required*]           | string    | The domain associated with the external entity source (for example, the customer's identity provider domain).           |
| attributes   | enabled [*required*]          | boolean   | Whether the sync is enabled and actively ingesting entities into Cloud SIEM.                                            |
| attributes   | integration_type [*required*] | enum      | The type of external source that provides entities to Cloud SIEM. Allowed enum values: `GOOGLE_WORKSPACE,OKTA,ENTRA_ID` |
| attributes   | modified_at                        | date-time | The time at which the entity context sync configuration was last modified.                                              |
| attributes   | name                               | string    | The display name of the entity context sync configuration.                                                              |
| attributes   | settings                           | object    | Free-form, non-sensitive settings for the entity context sync. The accepted keys depend on the source type.             |
| attributes   | state                              | enum      | The state of the credentials configured on the entity context sync. Allowed enum values: `valid,invalid,initializing`   |
| data         | id [*required*]               | string    | The unique identifier of the integration configuration.                                                                 |
| data         | type [*required*]             | enum      | The type of the resource. The value should always be `integration_config`. Allowed enum values: `integration_config`    |

{% /tab %}

{% tab title="Example" %}

```json
{
  "data": {
    "attributes": {
      "created_at": "2026-05-01T12:00:00Z",
      "domain": "siem-test.com",
      "enabled": true,
      "integration_type": "GOOGLE_WORKSPACE",
      "modified_at": "2026-05-01T12:00:00Z",
      "name": "My GWS Integration",
      "settings": {
        "setting1": "value1"
      },
      "state": "valid"
    },
    "id": "11111111-2222-3333-4444-555555555555",
    "type": "integration_config"
  }
}
```

{% /tab %}

{% /tab %}

{% tab title="400" %}
Bad Request
{% tab title="Model" %}
API error response.

| Field                    | Type     | Description       |
| ------------------------ | -------- | ----------------- |
| errors [*required*] | [string] | A list of errors. |

{% /tab %}

{% tab title="Example" %}

```json
{
  "errors": [
    "Bad Request"
  ]
}
```

{% /tab %}

{% /tab %}

{% tab title="403" %}
Not Authorized
{% tab title="Model" %}
API error response.

| Field                    | Type     | Description       |
| ------------------------ | -------- | ----------------- |
| errors [*required*] | [string] | A list of errors. |

{% /tab %}

{% tab title="Example" %}

```json
{
  "errors": [
    "Bad Request"
  ]
}
```

{% /tab %}

{% /tab %}

{% tab title="429" %}
Too many requests
{% tab title="Model" %}
API error response.

| Field                    | Type     | Description       |
| ------------------------ | -------- | ----------------- |
| errors [*required*] | [string] | A list of errors. |

{% /tab %}

{% tab title="Example" %}

```json
{
  "errors": [
    "Bad Request"
  ]
}
```

{% /tab %}

{% /tab %}

### Code Example

##### 
                  \## default
# 
 \# Curl command curl -X POST "https://api.datadoghq.com/api/v2/security_monitoring/configuration/integration_config" \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \
-d @- << EOF
{
  "data": {
    "attributes": {
      "domain": "siem-test.com",
      "integration_type": "GOOGLE_WORKSPACE",
      "name": "My GWS Integration",
      "secrets": {
        "admin_email": "test@example.com"
      },
      "settings": {
        "setting1": "value1"
      }
    },
    "type": "integration_config"
  }
}
EOF 
                
##### 

```python
"""
Create an entity context sync configuration returns "OK" response
"""

from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi
from datadog_api_client.v2.model.security_monitoring_integration_config_create_attributes import (
    SecurityMonitoringIntegrationConfigCreateAttributes,
)
from datadog_api_client.v2.model.security_monitoring_integration_config_create_data import (
    SecurityMonitoringIntegrationConfigCreateData,
)
from datadog_api_client.v2.model.security_monitoring_integration_config_create_request import (
    SecurityMonitoringIntegrationConfigCreateRequest,
)
from datadog_api_client.v2.model.security_monitoring_integration_config_resource_type import (
    SecurityMonitoringIntegrationConfigResourceType,
)
from datadog_api_client.v2.model.security_monitoring_integration_config_secrets import (
    SecurityMonitoringIntegrationConfigSecrets,
)
from datadog_api_client.v2.model.security_monitoring_integration_config_settings import (
    SecurityMonitoringIntegrationConfigSettings,
)
from datadog_api_client.v2.model.security_monitoring_integration_type import SecurityMonitoringIntegrationType

body = SecurityMonitoringIntegrationConfigCreateRequest(
    data=SecurityMonitoringIntegrationConfigCreateData(
        attributes=SecurityMonitoringIntegrationConfigCreateAttributes(
            domain="siem-test.com",
            integration_type=SecurityMonitoringIntegrationType.GOOGLE_WORKSPACE,
            name="My GWS Integration",
            secrets=SecurityMonitoringIntegrationConfigSecrets([("admin_email", "test@example.com")]),
            settings=SecurityMonitoringIntegrationConfigSettings([("setting1", "value1")]),
        ),
        type=SecurityMonitoringIntegrationConfigResourceType.INTEGRATION_CONFIG,
    ),
)

configuration = Configuration()
configuration.unstable_operations["create_security_monitoring_integration_config"] = True
with ApiClient(configuration) as api_client:
    api_instance = SecurityMonitoringApi(api_client)
    response = api_instance.create_security_monitoring_integration_config(body=body)

    print(response)
```

#### Instructions

First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=python) and then save the example to `example.py` and run following commands:
    DD_SITE="datadoghq.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" python3 "example.py"
##### 

```ruby
# Create an entity context sync configuration returns "OK" response

require "datadog_api_client"
DatadogAPIClient.configure do |config|
  config.unstable_operations["v2.create_security_monitoring_integration_config".to_sym] = true
end
api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new

body = DatadogAPIClient::V2::SecurityMonitoringIntegrationConfigCreateRequest.new({
  data: DatadogAPIClient::V2::SecurityMonitoringIntegrationConfigCreateData.new({
    attributes: DatadogAPIClient::V2::SecurityMonitoringIntegrationConfigCreateAttributes.new({
      domain: "siem-test.com",
      integration_type: DatadogAPIClient::V2::SecurityMonitoringIntegrationType::GOOGLE_WORKSPACE,
      name: "My GWS Integration",
      secrets: DatadogAPIClient::V2::SecurityMonitoringIntegrationConfigSecrets.new({}),
      settings: DatadogAPIClient::V2::SecurityMonitoringIntegrationConfigSettings.new({}),
    }),
    type: DatadogAPIClient::V2::SecurityMonitoringIntegrationConfigResourceType::INTEGRATION_CONFIG,
  }),
})
p api_instance.create_security_monitoring_integration_config(body)
```

#### Instructions

First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=ruby) and then save the example to `example.rb` and run following commands:
    DD_SITE="datadoghq.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" rb "example.rb"
##### 

```go
// Create an entity context sync configuration returns "OK" response

package main

import (
	"context"
	"encoding/json"
	"fmt"
	"os"

	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)

func main() {
	body := datadogV2.SecurityMonitoringIntegrationConfigCreateRequest{
		Data: datadogV2.SecurityMonitoringIntegrationConfigCreateData{
			Attributes: datadogV2.SecurityMonitoringIntegrationConfigCreateAttributes{
				Domain:          "siem-test.com",
				IntegrationType: datadogV2.SECURITYMONITORINGINTEGRATIONTYPE_GOOGLE_WORKSPACE,
				Name:            "My GWS Integration",
				Secrets: map[string]interface{}{
					"admin_email": "test@example.com",
				},
				Settings: map[string]interface{}{
					"setting1": "value1",
				},
			},
			Type: datadogV2.SECURITYMONITORINGINTEGRATIONCONFIGRESOURCETYPE_INTEGRATION_CONFIG,
		},
	}
	ctx := datadog.NewDefaultContext(context.Background())
	configuration := datadog.NewConfiguration()
	configuration.SetUnstableOperationEnabled("v2.CreateSecurityMonitoringIntegrationConfig", true)
	apiClient := datadog.NewAPIClient(configuration)
	api := datadogV2.NewSecurityMonitoringApi(apiClient)
	resp, r, err := api.CreateSecurityMonitoringIntegrationConfig(ctx, body)

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.CreateSecurityMonitoringIntegrationConfig`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
	}

	responseContent, _ := json.MarshalIndent(resp, "", "  ")
	fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.CreateSecurityMonitoringIntegrationConfig`:\n%s\n", responseContent)
}
```

#### Instructions

First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=go) and then save the example to `main.go` and run following commands:
    DD_SITE="datadoghq.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" go run "main.go"
##### 

```java
// Create an entity context sync configuration returns "OK" response

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.SecurityMonitoringApi;
import com.datadog.api.client.v2.model.SecurityMonitoringIntegrationConfigCreateAttributes;
import com.datadog.api.client.v2.model.SecurityMonitoringIntegrationConfigCreateData;
import com.datadog.api.client.v2.model.SecurityMonitoringIntegrationConfigCreateRequest;
import com.datadog.api.client.v2.model.SecurityMonitoringIntegrationConfigResourceType;
import com.datadog.api.client.v2.model.SecurityMonitoringIntegrationConfigResponse;
import com.datadog.api.client.v2.model.SecurityMonitoringIntegrationType;
import java.util.Map;

public class Example {
  public static void main(String[] args) {
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    defaultClient.setUnstableOperationEnabled("v2.createSecurityMonitoringIntegrationConfig", true);
    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);

    SecurityMonitoringIntegrationConfigCreateRequest body =
        new SecurityMonitoringIntegrationConfigCreateRequest()
            .data(
                new SecurityMonitoringIntegrationConfigCreateData()
                    .attributes(
                        new SecurityMonitoringIntegrationConfigCreateAttributes()
                            .domain("siem-test.com")
                            .integrationType(SecurityMonitoringIntegrationType.GOOGLE_WORKSPACE)
                            .name("My GWS Integration")
                            .secrets(Map.ofEntries(Map.entry("admin_email", "test@example.com")))
                            .settings(Map.ofEntries(Map.entry("setting1", "value1"))))
                    .type(SecurityMonitoringIntegrationConfigResourceType.INTEGRATION_CONFIG));

    try {
      SecurityMonitoringIntegrationConfigResponse result =
          apiInstance.createSecurityMonitoringIntegrationConfig(body);
      System.out.println(result);
    } catch (ApiException e) {
      System.err.println(
          "Exception when calling SecurityMonitoringApi#createSecurityMonitoringIntegrationConfig");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
    }
  }
}
```

#### Instructions

First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=java) and then save the example to `Example.java` and run following commands:
    DD_SITE="datadoghq.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" java "Example.java"
##### 

```rust
// Create an entity context sync configuration returns "OK" response
use datadog_api_client::datadog;
use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI;
use datadog_api_client::datadogV2::model::SecurityMonitoringIntegrationConfigCreateAttributes;
use datadog_api_client::datadogV2::model::SecurityMonitoringIntegrationConfigCreateData;
use datadog_api_client::datadogV2::model::SecurityMonitoringIntegrationConfigCreateRequest;
use datadog_api_client::datadogV2::model::SecurityMonitoringIntegrationConfigResourceType;
use datadog_api_client::datadogV2::model::SecurityMonitoringIntegrationType;
use serde_json::Value;
use std::collections::BTreeMap;

#[tokio::main]
async fn main() {
    let body = SecurityMonitoringIntegrationConfigCreateRequest::new(
        SecurityMonitoringIntegrationConfigCreateData::new(
            SecurityMonitoringIntegrationConfigCreateAttributes::new(
                "siem-test.com".to_string(),
                SecurityMonitoringIntegrationType::GOOGLE_WORKSPACE,
                "My GWS Integration".to_string(),
                BTreeMap::from([("admin_email".to_string(), Value::from("test@example.com"))]),
            )
            .settings(BTreeMap::from([(
                "setting1".to_string(),
                Value::from("value1"),
            )])),
            SecurityMonitoringIntegrationConfigResourceType::INTEGRATION_CONFIG,
        ),
    );
    let mut configuration = datadog::Configuration::new();
    configuration
        .set_unstable_operation_enabled("v2.CreateSecurityMonitoringIntegrationConfig", true);
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api
        .create_security_monitoring_integration_config(body)
        .await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}
```

#### Instructions

First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=rust) and then save the example to `src/main.rs` and run following commands:
    DD_SITE="datadoghq.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" cargo run
##### 

```typescript
/**
 * Create an entity context sync configuration returns "OK" response
 */

import { client, v2 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
configuration.unstableOperations[
  "v2.createSecurityMonitoringIntegrationConfig"
] = true;
const apiInstance = new v2.SecurityMonitoringApi(configuration);

const params: v2.SecurityMonitoringApiCreateSecurityMonitoringIntegrationConfigRequest =
  {
    body: {
      data: {
        attributes: {
          domain: "siem-test.com",
          integrationType: "GOOGLE_WORKSPACE",
          name: "My GWS Integration",
          secrets: {
            admin_email: "test@example.com",
          },
          settings: {
            setting1: "value1",
          },
        },
        type: "integration_config",
      },
    },
  };

apiInstance
  .createSecurityMonitoringIntegrationConfig(params)
  .then((data: v2.SecurityMonitoringIntegrationConfigResponse) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));
```

#### Instructions

First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=typescript) and then save the example to `example.ts` and run following commands:
    DD_SITE="datadoghq.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" tsc "example.ts"
{% /tab %}
