Auth0 (API)
You must have the Identity integrations license pack to use this feature.
You can integrate Auth0 with Sophos Central so that it sends data to Sophos for analysis.
This integration is API-based. You must enable API access and get details from Auth0 (Domain, Client ID, and Client Secret).
The key steps are as follows:
- Create an application in Auth0 and define permissions.
- Get credentials from Auth0.
- Add an integration in Sophos Central.
Create an application in Auth0 and define permissions
To enable integration with Auth0, do as follows:
- Sign in to the Auth0 Dashboard and go to Application > Applications.
- In the Applications section, click + Create Application.
- In the pop-up, name the application appropriately (for example, Sophos integration) and choose the application type Machine to Machine Applications. Click Create.
- In the Authorize Machine to Machine Application pop-up, select Auth0 Management API.
-
Select the checkboxes for the following permissions:
read:users
read:logs
read:logs_users
-
Click Authorize.
Get credentials from Auth0
To get credentials from Auth0, do as follows:
- Go to the Settings tab in the new application.
-
Note the following items for use in Central:
- Domain
- Client ID
- Client
Configure an integration
To integrate Auth0 with Sophos Central, do as follows:
- In Sophos Central, go to Threat Analysis Center > Integrations > Marketplace.
-
Click Auth0.
The Auth0 page opens. You can configure integrations here and see a list of any you've already configured.
-
In Data Ingest (Security Alerts), click Add Configuration.
Note
If this is the first integration you've added, we'll ask for details about your internal domains and IPs. See Provide your domain and IP details.
-
In Integration steps, do as follows:
- Enter the Integration name and Integration description.
- Enter the Domain, Client Secret, and Client ID you got from Auth0.
The domain should usually be in the form
https://company.eu.auth0.com
. -
Click Save.
We create the integration and it appears in your list. If its status icon shows a green tick, your data should appear in the Sophos Data Lake after validation.