Skip to main content
Super Admin role is required in Sophos Central to manage API credentials. Without Super Admin, the API Credentials Management menu is not visible.

Open API Credentials Management

Navigate to the API Credentials Management page in Sophos Central.

1

Sign in to Sophos Central

Sign in to your Sophos Central account.

  • Click the Settings (gear icon) in the top navigation.
  • Under Administration, click API Credentials Management.

Add a new credential

Open the Add credential dialog and fill in the required fields.

1

Open the Add credential form

Click Add Credential in the top right of the credentials list.

2

Fill in credential details

Provide a name, an optional description, and select a Service Principal role.

  • Credential name (required) - StackOne Integration
  • Description (optional) - OAuth credentials for StackOne connector
  • Select a Role from the dropdown (see role options below).
  • Click Details next to the Role dropdown to see what each role can do.
  • Click Add to generate the credential.

Choose a Service Principal role

Each role determines which Sophos APIs the credential can call. The default is Service Principal Super Admin.

  • Service Principal Super Admin - full read and write access across all APIs (recommended for most StackOne use cases).
  • Service Principal Management - management-level access without forensics.
  • Service Principal Forensics - forensics and incident investigation access.
  • Service Principal ReadOnly - read-only access to all APIs.
  • Service Principal Directory Sync - access scoped to directory sync operations.
  • Service Principal Firewall - access scoped to firewall management.

Copy Client ID and Client Secret

After creating the credential, copy both values and store them securely. Credentials expire 36 months after creation.

  • Format - Client ID is a UUID (e.g., xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx).
  • Click Copy next to the Client ID and store it.
  • Click Show Client Secret, then Copy to capture the secret.
  • The Client Secret is shown only once and cannot be retrieved later.

Creating the StackOne Connector Profile

To create the Connector Profile in StackOne for Sophos Central:
1

Navigate to Connector Profiles

Login to StackOne and navigate to Connector Profiles
2

Create New Connector Profile

  • Click + Connector Profile
  • Search for and select Sophos Central
  • Select Type as OAuth 2.0 Client Credentials
  • Fill out the fields using details retrieved from your provider:
    • Client ID
    • Client Secret
  • (Optional) Select Actions to be enabled for this Connector Profile
  • Click Create profile
Congratulations! The new Connector Profile will now show up in your project ready to be used. You can now continue to Link Accounts for Sophos Central.