> ## Documentation Index
> Fetch the complete documentation index at: https://docs.stackone.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Sophos Central OAuth 2.0 Client Credentials connector profile – StackOne setup guide

> Set up the OAuth 2.0 Client Credentials connector profile for Sophos Central in StackOne. One-time admin setup required before your users can link Sophos Central accounts via Hub.

<Warning>Super Admin role is required in Sophos Central to manage API credentials. Without Super Admin, the API Credentials Management menu is not visible.</Warning>

<section data-guide-section data-guide-scopes="">
  <h2>Open API Credentials Management</h2>

  <p>Navigate to the API Credentials Management page in Sophos Central.</p>

  <Steps>
    <Step title="Sign in to Sophos Central">
      <div data-guide-step data-guide-scopes="" data-guide-display-scopes-list="">
        <p>Sign in to your <a href="https://cloud.sophos.com" target="_blank" rel="noopener noreferrer">Sophos Central account</a>.</p>

        <ul>
          <li>Click the <strong>Settings</strong> (gear icon) in the top navigation.</li>
          <li>Under <strong>Administration</strong>, click <strong>API Credentials Management</strong>.</li>
        </ul>
      </div>
    </Step>
  </Steps>
</section>

<section data-guide-section data-guide-scopes="">
  <h2>Add a new credential</h2>

  <p>Open the Add credential dialog and fill in the required fields.</p>

  <Steps>
    <Step title="Open the Add credential form">
      <div data-guide-step data-guide-scopes="" data-guide-display-scopes-list="">
        <p>Click <strong>Add Credential</strong> in the top right of the credentials list.</p>
      </div>
    </Step>

    <Step title="Fill in credential details">
      <div data-guide-step data-guide-scopes="" data-guide-display-scopes-list="">
        <p>Provide a name, an optional description, and select a Service Principal role.</p>

        <ul>
          <li>Credential name (required) - `StackOne Integration`</li>
          <li>Description (optional) - `OAuth credentials for StackOne connector`</li>
          <li>Select a Role from the dropdown (see role options below).</li>
          <li>Click <strong>Details</strong> next to the Role dropdown to see what each role can do.</li>
          <li>Click <strong>Add</strong> to generate the credential.</li>
        </ul>
      </div>
    </Step>
  </Steps>
</section>

<section data-guide-section data-guide-scopes="">
  <h2>Choose a Service Principal role</h2>

  <p>Each role determines which Sophos APIs the credential can call. The default is Service Principal Super Admin.</p>

  <ul>
    <li><strong>Service Principal Super Admin</strong> - full read and write access across all APIs (recommended for most StackOne use cases).</li>
    <li><strong>Service Principal Management</strong> - management-level access without forensics.</li>
    <li><strong>Service Principal Forensics</strong> - forensics and incident investigation access.</li>
    <li><strong>Service Principal ReadOnly</strong> - read-only access to all APIs.</li>
    <li><strong>Service Principal Directory Sync</strong> - access scoped to directory sync operations.</li>
    <li><strong>Service Principal Firewall</strong> - access scoped to firewall management.</li>
  </ul>
</section>

<section data-guide-section data-guide-scopes="">
  <h2>Copy Client ID and Client Secret</h2>

  <p>After creating the credential, copy both values and store them securely. Credentials expire 36 months after creation.</p>

  <ul>
    <li>Format - Client ID is a UUID (e.g., `xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx`).</li>
    <li>Click <strong>Copy</strong> next to the <strong>Client ID</strong> and store it.</li>
    <li>Click <strong>Show Client Secret</strong>, then <strong>Copy</strong> to capture the secret.</li>
    <li>The Client Secret is shown only once and cannot be retrieved later.</li>
  </ul>
</section>

## Creating the StackOne Connector Profile

To create the Connector Profile in StackOne for <strong>Sophos Central</strong>:

<Steps>
  <Step title="Navigate to Connector Profiles">
    Login to StackOne and navigate to [Connector Profiles](https://app.stackone.com/connector_profiles)
  </Step>

  <Step title="Create New Connector Profile">
    <ul>
      <li>Click <strong>+ Connector Profile</strong></li>
      <li>Search for and select <strong>Sophos Central</strong></li>
      <li>Select <strong>Type</strong> as <strong>OAuth 2.0 Client Credentials</strong></li>

      <li>
        Fill out the fields using details retrieved from your provider:

        <ul style={{ marginLeft: '20px' }}>
          <li><strong>Client ID</strong></li>
          <li><strong>Client Secret</strong></li>
        </ul>
      </li>

      <li>(Optional) Select <strong>Actions</strong> to be enabled for this Connector Profile</li>
      <li>Click <strong>Create profile</strong></li>
    </ul>
  </Step>
</Steps>

Congratulations! The new Connector Profile will now show up in your project ready to be used. You can now continue to <a href="/guides/accounts-section#linking-accounts">Link Accounts</a> for <strong>Sophos Central</strong>.
