Open API Credentials Management
Navigate to the API Credentials Management page in Sophos Central.
Sign in to Sophos Central
Sign in to your Sophos Central account.
- Click the Settings (gear icon) in the top navigation.
- Under Administration, click API Credentials Management.
Add a new credential
Open the Add credential dialog and fill in the required fields.
Fill in credential details
Provide a name, an optional description, and select a Service Principal role.
- Credential name (required) -
StackOne Integration - Description (optional) -
OAuth credentials for StackOne connector - Select a Role from the dropdown (see role options below).
- Click Details next to the Role dropdown to see what each role can do.
- Click Add to generate the credential.
Choose a Service Principal role
Each role determines which Sophos APIs the credential can call. The default is Service Principal Super Admin.
- Service Principal Super Admin - full read and write access across all APIs (recommended for most StackOne use cases).
- Service Principal Management - management-level access without forensics.
- Service Principal Forensics - forensics and incident investigation access.
- Service Principal ReadOnly - read-only access to all APIs.
- Service Principal Directory Sync - access scoped to directory sync operations.
- Service Principal Firewall - access scoped to firewall management.
Copy Client ID and Client Secret
After creating the credential, copy both values and store them securely. Credentials expire 36 months after creation.
- Format - Client ID is a UUID (e.g.,
xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx). - Click Copy next to the Client ID and store it.
- Click Show Client Secret, then Copy to capture the secret.
- The Client Secret is shown only once and cannot be retrieved later.
Creating the StackOne Connector Profile
To create the Connector Profile in StackOne for Sophos Central:Navigate to Connector Profiles
Create New Connector Profile
- Click + Connector Profile
- Search for and select Sophos Central
- Select Type as OAuth 2.0 Client Credentials
- Fill out the fields using details retrieved from your provider:
- Client ID
- Client Secret
- (Optional) Select Actions to be enabled for this Connector Profile
- Click Create profile