>
    Strata Copilot
    Onboard an Intercom App to SSPM
    Focus
    Download PDF
    Focus
    1. Home
    2. SaaS Security
    3. Onboard SaaS Apps Supported by SSPM
    4. Onboard an Intercom App to SSPM
    Download PDF
    SaaS Security

    Onboard an Intercom App to SSPM

    Table of Contents

    Onboard an Intercom App to SSPM

    Onboard an Intercom app to SSPM to detect posture risks.
    Where Can I Use This?What Do I Need?
    • Strata Cloud Manager
    • SaaS Security Posture Management license
    Or any of the following licenses that include the Data Security license:
    • CASB-X
    • CASB-PA
    To run scans of your Intercom instance, SSPM connects to the Intercom instance by using information that you provide. Once SSPM connects, it scans the Intercom instance and will continue to run scans at regular intervals.

    Onboard an Intercom App to SSPM Using an Access Token

    Onboard an Intercom app to SSPM to detect posture and account risks.
    For SSPM to detect posture risks in your Intercom instance, you must onboard your Intercom instance to SSPM. Through the onboarding process, SSPM connects to an Intercom API by using an access token that you generate from the Intercom Developer Hub. After connecting to the Intercom API, SSPM scans your Intercom instance for misconfigured settings and account risks.
    To access your Intercom instance, SSPM requires the following information, which you will specify during the onboarding process.
    ItemDescription
    Access Token
    A unique, alphanumeric string that Intercom generates for an Intercom application that you create. The access token has the permissions that you specify in the Intercom application.
    Region
    The region where Intercom is hosting your data.
    To onboard your Intercom instance, you complete the following actions:
    1. Generate and copy an access token.
      To generate the access token, you need to create an app in Intercom's Developer Hub.
      1. Identify the Intercom account that you will use to create the Intercom app.
        Required Permissions: To create the Intercom app, the account must be assigned to a role that has the Apps and Integrations Access permissions. This could be a custom Developer role or a role with greater permissions.
      2. Open a web browser to the Intercom login page and log in to the account you identified.
      3. Navigate to Intercom's Developer Hub.
        1. Click the settings icon (gear icon) in the lower-left corner of the window.
        2. From the Settings navigation pane, select IntegrationsDeveloper Hub.
          The Your apps page lists any Intercom apps that you have created. From here, you can create an app.
      4. On the Your apps page, click New app.
      5. In the New app dialog, complete the following actions:
        1. Specify an App Name. Your app will be listed in the Developer Hub with other apps, so give it a meaningful name, such as SSPM Integration Token.
        2. Select the Workspace where you want to add the app.
        3. Create app.
          Intercom displays a configuration page for the new app.
      6. By default, your app has permission to all the data in your workspace. Edit your app to limit its permissions to the minimum permissions that SSPM requires.
        1. On the configuration page, make sure the Authentication tab is selected.
        2. On the Authentication page, click Edit.
        3. In the Workspace data area, deselect all the check boxes except for the Read admins check box.
      7. Regenerate your access token.
        Although Intercom created an access token when you created your app, Intercom created this token before you modified the app's permissions. You must regenerate the token for the permission updates to take effect.
        1. In the left navigation pane, select Test and publish Your workspaces.
        2. On the Your workspaces page, locate the access token and Regenerate token.
        3. A confirmation dialog warns you that regenerating the token will delete the current token. Confirm that you want to Regenerate the token.
        4. On the Your workspaces page, copy the access token and paste it into a text file.
          Don’t continue to the next step unless you have copied the access token. You must provide this token to SSPM during the onboarding process.
    2. Identify your Intercom region.
      Use the following table to determine, based on your login URL, the region where Intercom is hosting your data.
      URLRegion
      https://app.intercom.comUS (United States)
      https://app.eu.intercom.comEU (European Union)
      https://app.au.intercom.comAU (Australia)
    3. Connect SSPM to your Intercom instance.
      In SSPM, complete the following steps to enable SSPM to connect to your Intercom instance.
      1. Log in to Strata Cloud Manager.
      2. Select ConfigurationSaaS SecurityPosture SecurityApplicationsAdd Application and click the Intercom tile.
      3. On the Posture Security tab, Add New instance.
      4. Log in with Credentials.
      5. Enter your access token and region.
      6. Connect.

    © 2026 Palo Alto Networks, Inc. All rights reserved.