Skip to content
Last update: 2022-04-14

User roles

Sophos Mobile administrators have different roles. The role affects what an administrator can do.

The available roles are:

Role Description
Administrator This role can perform all available actions.
Limited Administrator This role can enroll and manage devices, but cannot specify essential settings and cannot manage other administrators.
Reporting This role can view the list of devices and is able to create reports.

For example, an auditor or an employee who needs to document the settings in Sophos Mobile.

Content admin This role is intended for employees responsible for uploading, updating or removing documents.

Usually this role is assigned to a person outside the IT department. The permissions are set to limit visibility and access only the content in the Documents menu.

Helpdesk This role can perform actions for support purposes, including enrolling devices and installing apps.

This role does not have access to critical functions, such as defining settings and creating, deleting or editing devices/device groups, packages and policies.

Read-only This role has read-only access to all settings that are available to the Administrator role.
App Group Administrator This role can manage app groups.

A typical user is an administrator that accesses the Sophos Mobile web service interface to create, update or read app groups.

Duo API This role is required for integration with the Duo Security authentication software.

Administrators with the Duo API role can access the Sophos Mobile web service interface for requesting the management status of devices.

See Duo Security integration.

Role Editor

Your Sophos Mobile product delivery includes the Role Editor. Role Editor lets you easily modify existing user roles or create your own custom roles. You can find it in the %MDM_HOME%\tools\Wizard folder, where %MDM_HOME% is the Sophos Mobile installation folder.

Back to top