Problem

Organizations need to automatically trust devices in Twingate based on whether those devices are enrolled and compliant in their MDM/EDR systems, but there's no built-in integration for many popular providers. Without automation, IT teams have to manually mark devices as trusted - a process that doesn't scale.

Approach

Built a stateless Docker container that runs on a configurable schedule using a “fetch everything first, compare in memory” model. Each sync cycle queries all enabled MDM/EDR providers in parallel for their device inventory, builds in-memory indexes keyed by normalized serial number (whitespace stripped, uppercased), fetches the untrusted devices from Twingate, matches them against the provider indexes, and applies the configured trust logic via API mutations. Devices that are already trusted are never downgraded - the connector only promotes devices to trusted. Supports 10 providers across MDM, EDR, RMM, and HR/IT categories: NinjaOne, ManageEngine (cloud + on-prem), Sophos Central, Automox, JumpCloud, FleetDM, Mosyle, Datto RMM, and Rippling.
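The matching core of that cycle, written here as an added illustration rather than the connector's own code: one index per provider keyed by normalized serial, a freshness check against the staleness window, the "any" versus "all" trust modes, and a promotion plan that skips already-trusted devices so nothing is ever downgraded. The provider names, the ProviderDevice shape, the Twingate device fields (id, serialNumber, isTrusted) and all serials are constructed assumptions; in the real service the plan would be logged in dry-run mode or sent as API mutations otherwise.

```python
"""Trust-decision core of an MDM/EDR -> Twingate device-trust sync.

Added example, not the connector's own code. Models the "fetch everything
first, compare in memory" cycle: build one index per provider keyed by
normalized serial, then decide for each untrusted Twingate device whether
it should be promoted. Provider names, ProviderDevice and the Twingate
device dict fields (id, serialNumber, isTrusted) are assumptions.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, Iterable, List, Optional


@dataclass(frozen=True)
class ProviderDevice:
    serial: str
    last_seen: datetime  # last check-in reported by the provider (tz-aware)


def normalize_serial(serial: str) -> str:
    """Strip surrounding whitespace and uppercase, so providers that report
    the same serial with different casing or padding still match."""
    return serial.strip().upper()


def build_index(devices: Iterable[ProviderDevice]) -> Dict[str, ProviderDevice]:
    """Index one provider's inventory by normalized serial. Blank serials are
    dropped: they would otherwise all collide on the empty key and could
    match nothing meaningful."""
    index: Dict[str, ProviderDevice] = {}
    for d in devices:
        key = normalize_serial(d.serial)
        if key:
            index[key] = d
    return index


def fresh_providers(serial: str, indexes: Dict[str, Dict[str, ProviderDevice]],
                    staleness_days: int, now: datetime) -> List[str]:
    """Names of the providers that know this serial and saw it inside the window."""
    key = normalize_serial(serial)
    cutoff = now - timedelta(days=staleness_days)
    return [name for name, index in indexes.items()
            if key in index and index[key].last_seen >= cutoff]


def should_trust(serial: str, indexes: Dict[str, Dict[str, ProviderDevice]],
                 mode: str = "any", staleness_days: int = 7,
                 now: Optional[datetime] = None) -> bool:
    """Apply the configured trust mode: 'any' needs one fresh provider,
    'all' needs every enabled provider to report the device as fresh."""
    now = now or datetime.now(timezone.utc)
    fresh = fresh_providers(serial, indexes, staleness_days, now)
    if mode == "any":
        return bool(fresh)
    if mode == "all":
        return bool(indexes) and len(fresh) == len(indexes)
    raise ValueError(f"unknown trust mode: {mode}")


def plan_promotions(twingate_devices: List[dict], indexes: Dict[str, Dict[str, ProviderDevice]],
                    mode: str = "any", staleness_days: int = 7,
                    now: Optional[datetime] = None) -> List[str]:
    """Twingate device ids that would be promoted this cycle. Devices already
    trusted are skipped outright, so the sync can only ever promote."""
    return [d["id"] for d in twingate_devices
            if not d["isTrusted"]
            and should_trust(d["serialNumber"], indexes, mode, staleness_days, now)]


# Constructed sample inventory (not real devices or providers' data).
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
INDEXES = {
    "ninjaone": build_index([
        ProviderDevice("C02ABC123", NOW - timedelta(days=1)),
        ProviderDevice("c02def456 ", NOW - timedelta(days=2)),   # padding + lowercase
    ]),
    "sophos": build_index([
        ProviderDevice(" C02ABC123", NOW - timedelta(hours=3)),
        ProviderDevice("C02GHI789", NOW - timedelta(days=10)),   # older than the 7-day window
        ProviderDevice("   ", NOW),                               # blank serial, dropped
    ]),
}
TWINGATE_DEVICES = [
    {"id": "dev-1", "serialNumber": "C02ABC123", "isTrusted": False},
    {"id": "dev-2", "serialNumber": "C02DEF456", "isTrusted": False},
    {"id": "dev-3", "serialNumber": "C02GHI789", "isTrusted": False},
    {"id": "dev-4", "serialNumber": "ZZZ999", "isTrusted": True},   # never touched
]

if __name__ == "__main__":
    for mode in ("any", "all"):
        print(mode, plan_promotions(TWINGATE_DEVICES, INDEXES, mode, now=NOW))
```

With the sample data, "any" mode promotes dev-1 and dev-2, while "all" mode promotes only dev-1 (dev-2 is known to a single provider); dev-3 is excluded in both modes because its only sighting is older than the window, and dev-4 is skipped because it is already trusted.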

Outcome

Automates device trust for Twingate across the most common MDM/EDR platforms with two configurable trust modes (any provider or all providers required) and a configurable staleness window (default 7 days). Includes a dry-run mode for safe policy testing, HMAC-SHA256-signed webhook notifications with built-in formats for Slack, Teams, Discord, PagerDuty, OpsGenie and raw JSON, SMTP email alerts with customizable templates and daily digests, environment variable interpolation for secrets, and an optional HTTP health check endpoint. Serial numbers are partially masked in notifications to prevent identifier leakage. No database required - all state is held in memory during each sync cycle. Published under the Twingate-Solutions organization as a community project under Apache 2.0.
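Two of the notification safeguards mentioned above, shown as an added example (not the connector's own code): partial masking of serial numbers before they leave the service, and an HMAC-SHA256 signature that the receiving webhook verifies in constant time. The header names, the timestamp-prefixed signing scheme and the 300-second replay tolerance are my assumptions, as are the secret and the sample event.

```python
"""Outbound notification hardening: masked serials plus HMAC-SHA256 signing.

Added example, not the connector's own code. Header names, the
"timestamp.body" signing input, the replay tolerance and all sample values
are assumptions.
"""
import hashlib
import hmac
import json
import time
from typing import Dict, Optional, Tuple

SIGNATURE_HEADER = "X-Signature-256"   # assumed header name
TIMESTAMP_HEADER = "X-Timestamp"       # assumed header name


def mask_serial(serial: str, visible: int = 4) -> str:
    """Keep only the last `visible` characters so an alert still lets an
    operator recognise a device without disclosing the full identifier."""
    s = serial.strip().upper()
    if len(s) <= visible:
        return "*" * len(s)
    return "*" * (len(s) - visible) + s[-visible:]


def make_event(serial: str, providers: list) -> dict:
    """Event body for a promotion; the serial is masked before it is embedded."""
    return {"event": "device_trusted", "serial": mask_serial(serial),
            "providers": sorted(providers)}


def sign_payload(secret: bytes, timestamp: int, body: bytes) -> str:
    """HMAC-SHA256 over "<timestamp>.<body>" so the timestamp is covered too."""
    msg = str(timestamp).encode() + b"." + body
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def build_notification(secret: bytes, event: dict,
                       timestamp: Optional[int] = None) -> Tuple[Dict[str, str], bytes]:
    """Serialise deterministically (sorted keys, no whitespace) so sender and
    receiver sign exactly the same bytes, then attach timestamp + signature."""
    body = json.dumps(event, sort_keys=True, separators=(",", ":")).encode()
    ts = int(time.time()) if timestamp is None else timestamp
    headers = {
        "Content-Type": "application/json",
        TIMESTAMP_HEADER: str(ts),
        SIGNATURE_HEADER: "sha256=" + sign_payload(secret, ts, body),
    }
    return headers, body


def verify_notification(secret: bytes, headers: Dict[str, str], body: bytes,
                        now: Optional[int] = None, tolerance: int = 300) -> bool:
    """Receiver side: reject stale timestamps (replay) and compare the
    signature with a constant-time check over the raw request body."""
    try:
        ts = int(headers[TIMESTAMP_HEADER])
    except (KeyError, ValueError):
        return False
    current = int(time.time()) if now is None else now
    if abs(current - ts) > tolerance:
        return False
    expected = "sha256=" + sign_payload(secret, ts, body)
    return hmac.compare_digest(expected, headers.get(SIGNATURE_HEADER, ""))


# Constructed sample values (not a real secret or device).
SECRET = b"example-webhook-secret-change-me"
EVENT = make_event("C02ABC123", ["ninjaone", "sophos"])

if __name__ == "__main__":
    hdrs, raw = build_notification(SECRET, EVENT)
    print(raw.decode())
    print(hdrs[SIGNATURE_HEADER], verify_notification(SECRET, hdrs, raw))
```

The receiver must verify over the raw bytes it received, not over a re-serialised copy of the parsed JSON, because any difference in key order or whitespace changes the digest.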

Tech Stack

Python, Docker, GHCR, Webhooks, SMTP, Twingate API