Integration Credential Manager

Integration Credential Manager lets you create credentials that can be used for integrating other products with Sophos Central.

Currently, Integration Credential Manager can only create and manage credentials for a limited range of integrations.

You can manage all your credentials in one place and re-use them. This approach reduces the risk of security breaches.

If you set up multiple integrations of the same product, credential management also avoids the need to create a new credential each time.

If your credentials aren't used frequently, they might be suspended or purged. This page tells you how to delay suspension or unsuspend credentials.

This page tells you how to do the following tasks:

  • View credentials
  • Add credentials
  • Edit credentials
  • Suspend credentials
  • Unsuspend credentials
  • Delay suspension of inactive credentials
  • Change settings for suspension of inactive credentials
  • Delete credentials
  • View credential details, usage, and logs

View credentials

To open Integration Credential Manager and view credentials, do as follows:

  1. In Sophos Central, go to My Products > General Settings.
  2. Under Administration, click Integration Credential Manager.

    General Settings page.

  3. On the Integration Credential Manager page, you can see and manage credentials you've already created.

    Integration Credential Manager page.

The list includes any credentials you've created during integration setup as well as credentials you've created in Credential Manager.

The list includes the following information:

  • Health status: An icon in the leftmost column shows whether the health status is Green (Healthy), Yellow (Partially healthy), or Red (Unhealthy).

    If the credential hasn't been used yet, the column shows a dash instead of an icon. If you hover over it, you see the message "Awaiting usage".

  • Used by: The integration features that can use the credential. For example, Data Ingestion or Response Action.

  • Credential type: The product integration that the credential is used for.
  • Last accessed: This shows when the credential was last used. If inactive credentials are due to be suspended or purged, you see a warning here.

For full details, click a credential's name. See View credential details, usage, and logs.

Add credentials

You can create new credentials in Credential Manager any time and use them later as needed.

Note

Alternatively, create credentials within the setup steps for the product integration that needs them. This gives you a credential with default permissions, but you can edit it later in Integration Credential Manager.

This example shows you how to add a credential for an API-type product integration. For detailed setup steps, go to About MDR and XDR integrations, click your product name, and read the help on credentials.

  1. In Sophos Central, go to My Products > General Settings.
  2. Under Administration, click Integration Credential Manager.
  3. On the Integration Credential Manager page, click Add.

    Integration Credential Manager page.

  4. On the Type page, enter the Credential Type, in this example Okta API Token. Click Next.

    Credential type page.

  5. On the Details page, enter a Name and Description. Then enter the following settings:

    1. Select the Permissions your credential will have. You can select Read or Write.
    2. In Integrations with Access, select the integration features that can use the credential. For example, Response Action.
    3. Optional. In Inactivity limit, specify how long the credential can be inactive before it's suspended or purged.
    4. Optional. In Expiration date, enter a date (if this option is available).

    Credential details page.

  6. On the right of the Details page, under the Vendor and Product documentation and disclaimer, select the checkbox to confirm that you understand the security implications of using the new credential.

    If you don't select the checkbox now, you'll have another chance on the next page. Click Next.

  7. On the Credential page, enter the required values. In this example, you must enter the following values:

    • The URL
    • The API Token

    You can get these details from your third-party product as explained in the help page for each credential type.

    Click Save.

    Credential page.

Edit credentials

You can edit credentials as follows:

  1. In Sophos Central, go to My Products > General Settings.
  2. Under Administration, click Integration Credential Manager.
  3. Find the credential and click its name to view details.

    Integration Credential Manager page.

  4. Click the Actions menu and select Edit.

    Actions menu.

  5. You see the same setup pages used to create the credential, with your settings showing. You can change the settings on the Details and Credential pages.

Suspend credentials

You can suspend credentials. While a credential is suspended, integrations can't use it.

You might suspend a credential for the following reasons:

  • The credential is compromised. Suspending it prevents unauthorized access.
  • The credential isn't working. Suspending it gives you time to debug it.

Remember that when you suspend a credential, the integrations that use it stop sending data to Sophos.

To suspend a credential, do as follows:

  1. Go to My Products > General Settings.
  2. Under Administration, click Integration Credential Manager.
  3. Find the credential in the credentials list and select it.

    Integration Credential Manager page.

  4. Click the Actions menu and select Suspend.

    Actions menu with Suspend selected.

  5. When you see a warning that the credential may be in use, click Suspend.

Unsuspend credentials

You can unsuspend a credential so that integrations can begin using it again.

To unsuspend a credential, do as follows:

  1. Go to My Products > General Settings.
  2. Under Administration, click Integration Credential Manager.
  3. Find the credential in the credentials list and select it.

    Integration Credential Manager page.

  4. Click the Actions menu and select Unsuspend.

    Actions menu with Unsuspend selected.

When you unsuspend a credential, we also reset the period of time for which it can be inactive to six months (the default) or the time you set in the Inactivity limit.

Delay suspension of inactive credentials

If a credential isn't used frequently, you might receive a warning that it'll be suspended or purged automatically. See Credential alert notifications.

You'll also see a warning in the credentials list. In the Last accessed column, a timer icon and a message are shown.

To get more time before the credential is suspended, do as follows:

  1. Go to My Products > General Settings.
  2. Under Administration, click Integration Credential Manager.
  3. Find the credential in the credentials list and select it.
  4. Click the Actions menu and select Reset inactivity limit.

    This puts the time left before suspension back to six months (the default) or the time you configured in the inactivity limit.

    Actions menu showing the "Reset inactivity limit" option.

Alternatively, you can change the settings for automatic suspension of inactive credentials. See Change settings for suspension of inactive credentials.

Change settings for suspension of inactive credentials

By default, inactive credentials are automatically suspended after six months and purged after one year.

If you want to allow longer periods of inactivity, you can change these settings.

  1. In Sophos Central, go to My Products > General Settings.
  2. Under Administration, click Integration Credential Manager.
  3. Find the credential and click its name to view its details.
  4. Click the Actions menu and select Edit.

    Actions menu.

  5. You see the same setup pages used to create the credential, with your settings showing. On the Details page, click Inactivity limit, and select the limits you want.

    For example, select Suspend after 1 year, purge after 2 years of inactivity.

    Details page showing Inactivity limit.

Any suspension or purge warnings are removed. The new period of allowed inactivity starts immediately.

Delete credentials

You can delete credentials if they're no longer needed.

To delete a credential, do as follows:

  1. Go to My Products > General Settings.
  2. Under Administration, click Integration Credential Manager.
  3. Find the credential in the credentials list and select it.

    Integration Credential Manager page.

  4. Click the Actions menu and select Delete.

    Actions menu with Delete selected.

  5. When you see a warning that the credential may be in use, click Delete.

View credential details, usage, and logs

To view details of the credential settings, usage, and logs, do as follows:

  1. Go to My Products > General Settings.
  2. Under Administration, click Integration Credential Manager.
  3. Find the credential in the credentials list and click its name to see details.

    Credential details and usage.

The details page shows the following:

  • Health status: Green (Healthy), Yellow (Partially healthy), or Red (Unhealthy).
  • Vendor and Vendor Identifier.
  • Permissions.
  • Integration Access: The integration features that use the credential. For example, Data Ingestion or Response Action.

The Usage section shows the number of requests sent to the credential and the last time a request was sent.

The Logs show the 250 most recent log events. You can filter the events by status, the integration type that sent the request, and the time range.

Credential alert notifications

If you've configured email alert rules for Credential Manager, it'll send notifications to users at predefined intervals. The users can then take appropriate actions, such as suspending or purging unused credentials.

For more information about configuring email alerts, see Configure email alerts.

The alert notifications for inactive credentials are as follows:

  • Credential suspension warning: The system notifies the user 90 days before suspension is due.

    For example, if the inactivity limit is set to the default 180 days, the system sends the warning after the credential has been inactive for 90 days.

  • Credential suspension: The system suspends the credential and notifies the user.

  • Credential purge warnings: The user receives multiple warnings that the purge is due, starting 90 days before the purge.

    Examples
    • "Credential will be purged in 90 days because it isn't being used."
    • "Credential will be purged in 60 days because it isn't being used."
    • "Credential will be purged in 30 days because it isn't being used."
    • "Credential will be purged in 7 days because it isn't being used."
  • Credential purge: If a credential still isn't used after the multiple warnings, the system purges the credential and notifies the user.
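
The following is an added example, not Sophos code and not a Sophos API: it turns the inactivity rules above into a dated timeline so you can audit your own credential inventory for entries approaching suspension or purge. It assumes six months means 180 days (as in the example above), one year means 365 days, and that purge warnings fire at the 90, 60, 30, and 7-day offsets quoted in the example messages; the inventory is constructed sample data.

```python
from datetime import date, timedelta

# Assumptions for this added example (not Sophos code or a Sophos API):
# "six months" = 180 days (the page's own example), "one year" = 365 days,
# and purge warnings fire at the offsets quoted in the example messages.
SUSPEND_WARNING_LEAD = 90
PURGE_WARNING_LEADS = (90, 60, 30, 7)


def inactivity_timeline(last_accessed, suspend_after=180, purge_after=365):
    """Return the dated lifecycle events for one unused credential, oldest first."""
    if purge_after <= suspend_after:
        raise ValueError("purge limit must be later than suspension limit")
    offsets = [(suspend_after - SUSPEND_WARNING_LEAD, "suspension warning"),
               (suspend_after, "suspended")]
    offsets += [(purge_after - lead, f"purge warning ({lead} days left)")
                for lead in PURGE_WARNING_LEADS]
    offsets.append((purge_after, "purged"))
    # Assumption: an offset at or before day 0 cannot fire, so it is dropped.
    return sorted((last_accessed + timedelta(days=d), name)
                  for d, name in offsets if d > 0)


def current_state(last_accessed, today, **limits):
    """Name of the latest event already reached, or 'active' if none."""
    state = "active"
    for when, name in inactivity_timeline(last_accessed, **limits):
        if when <= today:
            state = name
    return state


def needs_attention(inventory, today):
    """Map credential name to state for every credential no longer 'active'."""
    report = {}
    for cred in inventory:
        limits = {k: cred[k] for k in ("suspend_after", "purge_after") if k in cred}
        state = current_state(cred["last_accessed"], today, **limits)
        if state != "active":
            report[cred["name"]] = state
    return report


# Constructed sample inventory (names and dates are made up for illustration).
INVENTORY = [
    {"name": "okta-response", "last_accessed": date(2025, 1, 1)},
    {"name": "okta-ingest", "last_accessed": date(2025, 5, 1)},
    {"name": "archive-api", "last_accessed": date(2025, 1, 1),
     "suspend_after": 365, "purge_after": 730},
]
```

Calling `needs_attention(INVENTORY, date(2025, 10, 10))` lists each credential that has passed at least one warning or suspension date by that day. Remember that unsuspending a credential or resetting its inactivity limit restarts the timeline.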