Sign in and sign out users
Administrators can use the Sophos Firewall API to automate access control, integrate with external authentication systems, and manage guest user access. You can use API scripts to sign live users in and out from the firewall and show users logged into your network.
When you use the API to sign users in, they appear in Current activities > Live users in the firewall, and the user's client type shows as API client.
You can sign users in and out using the XML API or API Controller endpoints.
The steps for each endpoint follow.
The XML API endpoint processes sign-in and sign-out operations in parallel.
Before you use this endpoint, you must provide read and write permissions to the administrator performing these operations. Do as follows:
Go to Profile > Device access, and in the profile for that administrator, under Identity, set Manage live users to Read-write.
To use this endpoint, you must send a POST request using the following URL:
https://<Firewall IP address or FQDN>:<port>/xmlapi/v1/authentication/networkuser
To sign users in, use the following syntax:
<Request><LiveUserLogin><Admin><UserName>admin</UserName><Password>abcd</Password></Admin><UserName>testuser</UserName><IPAddress>192.0.2.1</IPAddress><MacAddress>AA-BB-CC-DD-EE-FF</MacAddress></LiveUserLogin></Request>
The values in the syntax above are placeholders. Replace them with the appropriate values from your network.
To sign users out, use the following syntax:
<Request><LiveUserLogout><Admin><UserName>admin</UserName><Password>abcd</Password></Admin><UserName>testuser</UserName><IPAddress>192.0.2.1</IPAddress><MacAddress>AA-BB-CC-DD-EE-FF</MacAddress></LiveUserLogout></Request>
The values in the syntax above are placeholders. Replace them with the appropriate values from your network.
Example
curl -k "https://192.0.2.1:4444/xmlapi/v1/authentication/networkuser" -d '<Request><LiveUserLogin><Admin><UserName>admin</UserName><Password>abcd</Password></Admin><UserName>testuser</UserName><IPAddress>192.0.2.1</IPAddress><MacAddress>DE:AD:BE:EF:CA:FE</MacAddress></LiveUserLogin></Request>'
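A script that takes user names from an external system should build the XML API request with an XML library instead of string concatenation, so that special characters in a name or password cannot change the structure of the request. The following is an added example, not Sophos code: it builds the sign-in and sign-out payloads shown above, checks the IP and MAC address formats, and sends the request with certificate verification against a CA file instead of -k. The function names and the FW_* environment variable names are hypothetical.

```python
import os
import re
import ssl
import urllib.request
import xml.etree.ElementTree as ET
from ipaddress import ip_address

ENDPOINT = "/xmlapi/v1/authentication/networkuser"
# Six hex pairs separated by hyphens or colons (both forms appear on this page).
MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}([-:][0-9A-Fa-f]{2}){5}$")

def build_request(action, admin_user, admin_password, user, ip, mac):
    """Build the LiveUserLogin/LiveUserLogout payload for the XML API endpoint."""
    if action not in ("LiveUserLogin", "LiveUserLogout"):
        raise ValueError(f"unsupported action: {action}")
    ip_address(ip)  # raises ValueError if ip is not a valid address
    if not MAC_RE.match(mac):
        raise ValueError(f"malformed MAC address: {mac}")
    root = ET.Element("Request")
    op = ET.SubElement(root, action)
    admin = ET.SubElement(op, "Admin")
    ET.SubElement(admin, "UserName").text = admin_user
    ET.SubElement(admin, "Password").text = admin_password
    ET.SubElement(op, "UserName").text = user
    ET.SubElement(op, "IPAddress").text = ip
    ET.SubElement(op, "MacAddress").text = mac
    # ElementTree escapes &, < and > in element text, so a value such as a
    # guest user name cannot add or close elements in the request.
    return ET.tostring(root, encoding="unicode")

def send(host, port, payload, ca_file):
    """POST the payload as the request body, as curl -d does, verifying TLS."""
    ctx = ssl.create_default_context(cafile=ca_file)
    req = urllib.request.Request(f"https://{host}:{port}{ENDPOINT}",
                                 data=payload.encode("utf-8"), method="POST")
    with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
        return resp.status, resp.read().decode("utf-8", "replace")

if __name__ == "__main__":
    # Hypothetical variable names; reading the admin credentials from the
    # environment keeps them out of the command line and shell history.
    xml = build_request("LiveUserLogin", os.environ["FW_ADMIN_USER"],
                        os.environ["FW_ADMIN_PASSWORD"], "testuser",
                        "192.0.2.1", "AA-BB-CC-DD-EE-FF")
    print(send(os.environ["FW_HOST"], 4444, xml, os.environ["FW_CA_FILE"]))
```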
The API Controller endpoint processes sign-in and sign-out operations serially.
To use this endpoint, you must send the payload using the following URL:
https://<Firewall IP address or FQDN>:<port>/webconsole/APIController
To sign users in, use the following syntax:
<Request><LiveUserLogin><UserName>admin</UserName><Password>abcd</Password><IPAddress>192.0.2.1</IPAddress><MacAddress>00:0C:29:2D:D3:AC</MacAddress></LiveUserLogin></Request>
The values in the syntax above are placeholders. Replace them with the appropriate values from your network.
To sign users out, use the following syntax:
<Request><LiveUserLogout><Admin><UserName>admin</UserName><Password>abcd</Password></Admin><UserName>sophos</UserName><IPAddress>192.0.2.1</IPAddress></LiveUserLogout></Request>
The values in the syntax above are placeholders. Replace them with the appropriate values from your network.
Example
https://10.21.18.15:4444/webconsole/APIController?SecureStorageMasterKey=Passw0rd@12345&reqxml=<Request><LiveUserLogin><UserName>admin</UserName><Password>abcd</Password><IPAddress>10.21.18.15</IPAddress><MacAddress>00:0C:29:2D:D3:AC</MacAddress></LiveUserLogin></Request>