--- title: Create an entity context sync configuration description: Datadog, the leading service for cloud-scale monitoring. breadcrumbs: Docs > API Reference > Security Monitoring --- # Create an entity context sync configuration{% #create-an-entity-context-sync-configuration %} Copy pageCopied {% tab title="v2" %} **Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). | Datadog site | API endpoint | | ----------------- | ---------------------------------------------------------------------------------------------- | | ap1.datadoghq.com | POST https://api.ap1.datadoghq.com/api/v2/security_monitoring/configuration/integration_config | | ap2.datadoghq.com | POST https://api.ap2.datadoghq.com/api/v2/security_monitoring/configuration/integration_config | | app.datadoghq.eu | POST https://api.datadoghq.eu/api/v2/security_monitoring/configuration/integration_config | | app.ddog-gov.com | POST https://api.ddog-gov.com/api/v2/security_monitoring/configuration/integration_config | | us2.ddog-gov.com | POST https://api.us2.ddog-gov.com/api/v2/security_monitoring/configuration/integration_config | | app.datadoghq.com | POST https://api.datadoghq.com/api/v2/security_monitoring/configuration/integration_config | | us3.datadoghq.com | POST https://api.us3.datadoghq.com/api/v2/security_monitoring/configuration/integration_config | | us5.datadoghq.com | POST https://api.us5.datadoghq.com/api/v2/security_monitoring/configuration/integration_config | ### Overview Create a new entity context sync configuration so Cloud SIEM can ingest entities from an external source. The credentials provided in `secrets` are validated against the source before the configuration is stored and never returned in subsequent responses. This endpoint requires the `manage_integrations` permission. OAuth apps require the `manage_integrations` authorization [scope](https://docs.datadoghq.com/api/latest/scopes.md#security-monitoring) to access this endpoint. ### Request #### Body Data (required) The definition of the new integration configuration. {% tab title="Model" %} | Parent field | Field | Type | Description | | ------------ | ---------------------------------- | ------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | data [*required*] | object | The entity context sync configuration to create. | | data | attributes [*required*] | object | The attributes of the entity context sync configuration to create. | | attributes | domain [*required*] | string | The domain associated with the external entity source. | | attributes | integration_type [*required*] | enum | The type of external source that provides entities to Cloud SIEM. Allowed enum values: `GOOGLE_WORKSPACE,OKTA,ENTRA_ID` | | attributes | name [*required*] | string | The display name for the entity context sync configuration. | | attributes | secrets [*required*] | object | The secrets used to authenticate against the external entity source. The accepted keys depend on the source type (for example, `admin_email` for Google Workspace). | | attributes | settings | object | Free-form, non-sensitive settings for the entity context sync. The accepted keys depend on the source type. | | data | type [*required*] | enum | The type of the resource. The value should always be `integration_config`. Allowed enum values: `integration_config` | {% /tab %} {% tab title="Example" %} ```json { "data": { "attributes": { "domain": "siem-test.com", "integration_type": "GOOGLE_WORKSPACE", "name": "My GWS Integration", "secrets": { "admin_email": "test@example.com" }, "settings": { "setting1": "value1" } }, "type": "integration_config" } } ``` {% /tab %} ### Response {% tab title="200" %} OK {% tab title="Model" %} Response containing a single entity context sync configuration. | Parent field | Field | Type | Description | | ------------ | ---------------------------------- | --------- | ----------------------------------------------------------------------------------------------------------------------- | | | data [*required*] | object | An entity context sync configuration. | | data | attributes [*required*] | object | The attributes of an entity context sync configuration as returned by the API. | | attributes | created_at | date-time | The time at which the entity context sync configuration was created. | | attributes | domain [*required*] | string | The domain associated with the external entity source (for example, the customer's identity provider domain). | | attributes | enabled [*required*] | boolean | Whether the sync is enabled and actively ingesting entities into Cloud SIEM. | | attributes | integration_type [*required*] | enum | The type of external source that provides entities to Cloud SIEM. Allowed enum values: `GOOGLE_WORKSPACE,OKTA,ENTRA_ID` | | attributes | modified_at | date-time | The time at which the entity context sync configuration was last modified. | | attributes | name | string | The display name of the entity context sync configuration. | | attributes | settings | object | Free-form, non-sensitive settings for the entity context sync. The accepted keys depend on the source type. | | attributes | state | enum | The state of the credentials configured on the entity context sync. Allowed enum values: `valid,invalid,initializing` | | data | id [*required*] | string | The unique identifier of the integration configuration. | | data | type [*required*] | enum | The type of the resource. The value should always be `integration_config`. Allowed enum values: `integration_config` | {% /tab %} {% tab title="Example" %} ```json { "data": { "attributes": { "created_at": "2026-05-01T12:00:00Z", "domain": "siem-test.com", "enabled": true, "integration_type": "GOOGLE_WORKSPACE", "modified_at": "2026-05-01T12:00:00Z", "name": "My GWS Integration", "settings": { "setting1": "value1" }, "state": "valid" }, "id": "11111111-2222-3333-4444-555555555555", "type": "integration_config" } } ``` {% /tab %} {% /tab %} {% tab title="400" %} Bad Request {% tab title="Model" %} API error response. | Field | Type | Description | | ------------------------ | -------- | ----------------- | | errors [*required*] | [string] | A list of errors. | {% /tab %} {% tab title="Example" %} ```json { "errors": [ "Bad Request" ] } ``` {% /tab %} {% /tab %} {% tab title="403" %} Not Authorized {% tab title="Model" %} API error response. | Field | Type | Description | | ------------------------ | -------- | ----------------- | | errors [*required*] | [string] | A list of errors. | {% /tab %} {% tab title="Example" %} ```json { "errors": [ "Bad Request" ] } ``` {% /tab %} {% /tab %} {% tab title="429" %} Too many requests {% tab title="Model" %} API error response. | Field | Type | Description | | ------------------------ | -------- | ----------------- | | errors [*required*] | [string] | A list of errors. | {% /tab %} {% tab title="Example" %} ```json { "errors": [ "Bad Request" ] } ``` {% /tab %} {% /tab %} ### Code Example ##### \## default # \# Curl command curl -X POST "https://api.datadoghq.com/api/v2/security_monitoring/configuration/integration_config" \ -H "Accept: application/json" \ -H "Content-Type: application/json" \ -H "DD-API-KEY: ${DD_API_KEY}" \ -H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \ -d @- << EOF { "data": { "attributes": { "domain": "siem-test.com", "integration_type": "GOOGLE_WORKSPACE", "name": "My GWS Integration", "secrets": { "admin_email": "test@example.com" }, "settings": { "setting1": "value1" } }, "type": "integration_config" } } EOF {% /tab %}