Skip to content
Find out how we support MDR.

Auth0 (API)


You must have the Identity integrations license pack to use this feature.

You can integrate Auth0 with Sophos Central so that it sends data to Sophos for analysis.

This integration is API-based. You must enable API access and get details from Auth0 (Domain, Client ID, and Client Secret).

The key steps are as follows:

  • Create an application in Auth0 and define permissions.
  • Get credentials from Auth0.
  • Add an integration in Sophos Central.

Create an application in Auth0 and define permissions

To enable integration with Auth0, do as follows:

  1. Sign in to the Auth0 Dashboard and go to Application > Applications.
  2. In the Applications section, click + Create Application.
  3. In the pop-up, name the application appropriately (for example, Sophos integration) and choose the application type Machine to Machine Applications. Click Create.
  4. In the Authorize Machine to Machine Application pop-up, select Auth0 Management API.
  5. Select the checkboxes for the following permissions:

    • read:users
    • read:logs
    • read:logs_users
  6. Click Authorize.

Get credentials from Auth0

To get credentials from Auth0, do as follows:

  1. Go to the Settings tab in the new application.
  2. Note the following items for use in Central:

    • Domain
    • Client ID
    • Client

Configure an integration

To integrate Auth0 with Sophos Central, do as follows:

  1. In Sophos Central, go to Threat Analysis Center > Integrations > Marketplace.
  2. Click Auth0.

    The Auth0 page opens. You can configure integrations here and see a list of any you've already configured.

  3. In Data Ingest (Security Alerts), click Add Configuration.


    If this is the first integration you've added, we'll ask for details about your internal domains and IPs. See My domains and IPs.

  4. In Integration steps, do as follows:

    1. Enter the Integration name and Integration description.
    2. Enter the Domain, Client Secret, and Client ID you got from Auth0.

    The domain should usually be in the form

  5. Click Save.

We create the integration and it appears in your list. If its status icon shows a green tick, your data should appear in the Sophos Data Lake after validation.

More information