Skip to main content

What Living Security needs

Scopes: Read access to alerts, events, and endpoints Required role: Super Admin (to create API credentials); credential role should be Service Principal Read-Only
Sophos Central uses OAuth2 client credentials. After you connect, Living Security calls the Sophos whoami endpoint to automatically resolve your tenant ID and data region URL — you do not need to look these up manually.

Prerequisites

  • You must be signed in to Sophos Central Admin as a Super Admin. Only Super Admins can create and manage API credentials.

Part A — In Sophos Central

Your Sophos administrator completes these steps.
1

Open API Credentials

  1. Sign in to Sophos Central Admin.
  2. Click the Global Settings icon (gear icon) in the left navigation.
  3. Under Access Control, select API Credentials.
2

Add a new credential

  1. Click Add Credential.
  2. Enter a Name for the credential (e.g., Living Security Platform).
  3. Enter an optional Description (e.g., Read access for Living Security platform integration).
3

Select a role

Select a role for the credential, then click Add.
Service Principal Read-Only grants the least privilege needed for this integration. It allows Living Security to read security alerts, SIEM events, and endpoint inventory without the ability to modify settings or take remediation actions.
4

Copy your client ID and client secret

After clicking Add, Sophos Central displays the generated Client ID and Client Secret. Copy both values immediately and store them securely.
Sophos Central displays the client secret only once. If you navigate away without copying it, you must delete the credential and create a new one.

Part B — In the Living Security Platform

The program owner completes this step, or the system admin if using delegated setup.
1
You are now connected to Sophos Central.

Troubleshooting

The API credential may be invalid, expired, or automatically removed by Sophos. Return to Global Settings → Access Control → API Credentials in Sophos Central Admin to verify the credential exists, and create a new one if needed.
Sophos Central does not send alerts before credential expiration. Set a calendar reminder to rotate credentials according to your security policy.
The credential role does not grant read access to the required resources. Role cannot be changed after credential creation — create a new credential with Service Principal Read-Only role and remove the old one.
The connection dialog’s API Key field accepts the client secret. The Client ID is handled separately during OAuth2 token exchange. If prompted for Client ID, enter it in the designated field or contact support.