Getting Started with
Sophos Central User
Management
Sophos Central Endpoint and Service Protection
Version: 4.0v1
[Additional Information]
Sophos Central Endpoint and Server Protection
CE1010: Getting Started with Sophos Central User Management
December 2022
Version: 4.0v1
© 2022 Sophos Limited. All rights reserved. No part of this document may be used or reproduced in any form or by any means without the prior written
consent of Sophos.
Sophos and the Sophos logo are registered trademarks of Sophos Limited. Other names, logos and marks mentioned in this document may be the
trademarks or registered trademarks of Sophos Limited or their respective owners.
While reasonable care has been taken in the preparation of this document, Sophos makes no warranties, conditions or representations (whether express
or implied) as to its completeness or accuracy. This document is subject to change at any time without notice.
Sophos Limited is a company registered in England number 2096520, whose registered office is at The Pentagon, Abingdon Science Park, Abingdon,
Oxfordshire, OX14 3YP.
Getting Started with Sophos Central User Management - 1
Getting Started with Sophos Central User Management
In this chapter you will learn how
to manage users in Sophos
Central using groups, how to
setup and manage your multifactor authentication settings,
and how to create API
credentials.
RECOMMENDED KNOWLEDGE AND EXPERIENCE
✓ How to login to Sophos Central
✓ How users are added to Sophos Central
DURATION
7 minutes
In this chapter you will learn how to manage users in Sophos Central using groups, how to setup and
manage your multi-factor authentication settings, and how to create API credentials.
Getting Started with Sophos Central User Management - 2
People
Synchronized from a directory
Central-managed
Once users have been added to Sophos Central, they will be listed on the ‘People’ page.
You will notice that there are two different icons for users, one to indicate that the user is
synchronized from a directory, and the other for Central-managed users that have been added
manually or automatically.
Getting Started with Sophos Central User Management - 3
User Details Summary
Clicking on a user will open the details page for that user; this is split into four tabs; summary, devices,
events, and policies.
The SUMMARY tab contains an overview of recent events, devices, mailboxes, groups and logins.
Getting Started with Sophos Central User Management - 4
User Details Devices
The DEVICES tab displays all the devices the user has associated to them. It allows you to perform
actions on the devices.
For example, on an endpoint you can initiate a scan or update, gather troubleshooting information, or
delete the device.
Getting Started with Sophos Central User Management - 5
User Details Events
The EVENTS tab displays all the events logged for the user and their devices. These can be filtered by
time.
Getting Started with Sophos Central User Management - 6
User Details Policies
The POLICIES tab displays the policies that apply to the user.
Getting Started with Sophos Central User Management - 7
People Groups
Filter user groups
Central managed
Synchronized from a directory
People groups simplify applying policies to users with the same requirements. Groups can be manually
created in Sophos Central or synchronized from an active directory service. As with users, groups have
different icons to indicate how they are being managed.
At the top of the page, you can filter the user groups to show all groups, or only Central-managed
groups or Active Directory groups.
Users can be a member of multiple groups.
Getting Started with Sophos Central User Management - 8
People Groups
Give the group a
name
Assign users to the group
To create a new Central managed group, navigate to People > Groups > Add Group.
Enter the group name and optionally a description for the group.
Move any users you wish to be a member of the group from the ‘Available Users’ list to the ‘Assigned
Users’ list and click Save.
Getting Started with Sophos Central User Management - 9
Edit User
You can modify the groups a user is assigned to by editing the user.
Select the user from the People > Users list. Under the username click Edit. You can assign the user to
multiple groups.
Getting Started with Sophos Central User Management - 10
Multi-Factor Authentication (MFA)
Multi-factor authentication (MFA) improves authentication security by requiring two or more factors of
authentication.
MFA is required for all administrators in Sophos Central
Multi-factor authentication, or MFA, improves security by requiring two or more factors of
authentication to login to Sophos Central. Multi-factor authentication is required for all administrators
in Sophos Central.
Your username and password are required for authentication, this is information you know. As a
second factor of authentication, you need to use something you have. This can be a phone, which is
proven by entering a one-time code that is sent via an SMS text message or an electronic token, which
is proven by entering a one-time code from an authenticator app.
If you lose your phone or the authenticator app, you can use your email address with a PIN code as a
backup authentication method; however, the primary authentication method must be either SMS or
an authenticator app.
Getting Started with Sophos Central User Management - 11
How to Manage you MFA Settings
You can update your multi-factor authentication settings from the user menu in the top-right of the
admin console.
Select Manage Login Settings.
Getting Started with Sophos Central User Management - 12
How to Change MFA Type
Add additional MFA
methods to your account
Once a new method has been
created it will be listed as an
authentication method
Here you can see the multi-factor authentication methods you have configured, add new methods,
remove old devices, or update the PIN used for the email backup authentication.
Adding new authentication methods follows the same process as the initial multi-factor authentication
configuration.
Getting Started with Sophos Central User Management - 13
Simulation: Configuring MFA
In this simulation you will configure multi-factor
authentication for a new Sophos Central account, then
add another authentication method.
LAUNCH SIMULATION
CONTINUE
https://training.sophos.com/ce/simulation/MFA/1/start.html
Please complete this simulation.
Click Launch Simulation to start. Once you have finished, click Continue.
[Additional Information]
https://training.sophos.com/ce/simulation/MFA/1/start.html
Getting Started with Sophos Central User Management - 14
API Credentials
Super admin permissions are required to create API credentials
To use the Sophos Central APIs and the Windows Active Directory Sync tool, you need to create a set
of API credentials. These are separate to users in Sophos Central.
API credentials have a credential ID and secret that work like a username and password, as well as a
role to manage the permissions and an expiry date.
Only administrators with the super admin role can add and manage API credentials in Sophos Central.
API credentials are managed in Global Settings > API Credentials Management.
You can have up to 10 API credentials in Sophos Central.
Getting Started with Sophos Central User Management - 15
API Credentials
Select the role for the API
credential permissions
Creating API credentials is easy, you just need to enter a name, optionally you can add a description,
then select the role you want to use, which will determine the permissions the API credential is given.
Getting Started with Sophos Central User Management - 16
API Credentials
The client secret is only shown once
when the API credential is created
The client secret will only be displayed ONCE
Once you have created a set of API credentials the details for the credential information will be
displayed.
It is important to note that the client secret will only be displayed once, so you should only choose to
display it when you are ready to use it.
Getting Started with Sophos Central User Management - 17
API Credential Roles
On the Roles tab you can see descriptions for each of the roles.
By clicking on a role, you can see the API permissions given to that role and the API credentials that
are assigned.
Getting Started with Sophos Central User Management - 18
Knowledge Check
Take a moment to check your knowledge!
Getting Started with Sophos Central User Management - 19
Question 1 of 4
How can you easily tell if a user or group is synchronized with a directory service or Central-managed?
Type column
Icon
Mouse-over tooltip
User’s summary page
Getting Started with Sophos Central User Management - 20
Question 2 of 4
True or False: You can enable and disable MFA for selected administrators?
True
False
Getting Started with Sophos Central User Management - 22
Question 3 of 4
Which forms of multi-factor authentication does Sophos Central support?
Hardware tokens
SMS
Authenticator app
Biometrics
Getting Started with Sophos Central User Management - 24
Question 4 of 4
How many API credentials can you have in Sophos Central? (enter a numerical value)
___________
Getting Started with Sophos Central User Management - 26
Chapter Review
Users and groups can either be synchronized from an Active Directory or Central-managed, this is
indicated by the icon. In the user details you can see the user's devices, events, and policies. Users can be
a member of more than one group.
Multi-factor authentication is required for all administrators in Sophos Central. Sophos Central supports
SMS and authenticator apps, with email and PIN code as a backup. You can add and remove
authentication methods and modify the email PIN through the user menu in the top-right.
Credentials for accessing the Sophos Central APIs require super admin access to create and manage. You
can have up to 10 API credentials, and each set have a role to manage permissions. The secret for API
credentials is only shown once.
Here are the three main things you learned in this chapter.
Users and groups can either be synchronized from an Active Directory or Centrally-managed, this is
indicated by the icon. In the user details you can see the user's devices, events, and policies. Users can
be a member of more than one group.
Multi-factor authentication is required for all administrators in Sophos Central. Sophos Central
supports SMS and authenticator apps, with email and a PIN code as a backup. You can add and
remove authentication methods and modify the email PIN through the user menu in the top-right.
Credentials for accessing the Sophos Central APIs require super admin access to create and manage.
You can have up to 10 API credentials, and each set have a role to manage permissions. The secret for
API credentials is only shown once.
Getting Started with Sophos Central User Management - 28
Getting Started with Sophos Central User Management - 29