--- title: Sophos API Integration on Truto slug: sophos category: Default canonical: "https://truto.one/integrations/detail/sophos/" --- # Sophos API Integration on Truto **Category:** Default **Status:** Generally available ## Unified APIs ### Unified User Directory API - **Groups** — Groups are a collection of users in the source application. In some applications, they might also be called Teams. - **Roles** — The Role object represents a role of a User. - **Users** — The User object represents a User. ## How it works 1. **Link your customer's Sophos account.** Use Truto's frontend SDK; we handle every OAuth and API key flow so you don't need to create the OAuth app. 2. **Authentication is automatic.** Truto refreshes tokens, stores credentials securely, and injects them into every API request. 3. **Call Truto's API to reach Sophos.** The Proxy API is a 1-to-1 mapping of the Sophos API. 4. **Get a unified response format.** Every response uses a single shape, with cursor-based pagination and data in the `result` field. ## Use cases - **Sync employee identities into Sophos Central for policy automation** — HR and IT provisioning platforms can push users and group assignments into Sophos Central so that security policies (web control, USB restrictions, endpoint protection tiers) are automatically applied based on role or department — eliminating manual admin work. - **Centralize user directory data across security tools** — Security operations and IT management platforms can pull Sophos Central's user and group directory alongside other tools via Truto's Unified User Directory API, giving their customers a single view of identity coverage across their security stack. - **Automate employee offboarding across cybersecurity tools** — When an employee is terminated in an HRIS, IT lifecycle platforms can programmatically remove or deactivate the user in Sophos Central and reassign their group memberships, ensuring former employees don't retain access to managed endpoints or policies. - **Audit user-to-group mappings for compliance evidence** — GRC and compliance platforms can read Sophos Central's user and group data to verify that every employee is assigned to the correct policy group, generating audit-ready evidence for SOC 2, HIPAA, or ISO 27001 reviews. ## What you can build - **Automated Sophos user provisioning from HRIS data** — Create and update users in Sophos Central the moment a new hire appears in your customer's HR system, using Truto's Unified User Directory API to normalize the data. - **Role-based group assignment engine** — Automatically place Sophos users into the correct security policy groups based on department, role, or contractor status synced from an upstream identity provider. - **Cross-tool identity coverage dashboard** — Show customers which employees exist in Sophos Central versus their IdP or HRIS, highlighting gaps where users lack endpoint security coverage. - **Offboarding user cleanup workflow** — Trigger automated removal or deactivation of Sophos Central users when an employee is marked as terminated in connected HR or identity systems. - **Compliance-ready user directory report** — Generate exportable reports of all Sophos Central users, their group memberships, and role assignments to satisfy auditor requests for access control evidence. ## FAQs ### What Unified APIs does Truto support for Sophos? Truto maps Sophos to the Unified User Directory API, which covers Users, Groups, and Roles. This lets you read and manage Sophos Central's directory objects through a standardized schema alongside other integrations. ### How does authentication work for the Sophos integration? Sophos Central uses OAuth 2.0 client credentials for API access. Your end users generate API credentials (client ID and client secret) in their Sophos Central admin console. Truto handles token exchange and refresh so you don't manage auth flows yourself. ### Are additional Sophos API capabilities (endpoints, alerts, SIEM) available through Truto? The current Unified API mapping covers the User Directory (users, groups, roles). Additional Sophos capabilities — such as endpoint management, alerts, and SIEM event ingestion — are not yet mapped but can be built on request. Contact Truto to discuss your specific requirements. ### Does Truto handle Sophos API pagination and rate limits? Yes. Truto abstracts away Sophos Central's cursor-based pagination and respects its rate limits automatically, so your application receives complete result sets without needing to implement retry or paging logic. ### Can I use this integration for MSP multi-tenant environments? Sophos's Partner API exposes tenant-level access for MSPs. While Truto's current Unified API mapping focuses on directory objects within a single tenant, multi-tenant MSP workflows can be explored as a custom build. Reach out to discuss your architecture. ### How fresh is the user directory data from Sophos? Data is fetched directly from the Sophos Central API in real time when your application makes a request through Truto. There is no intermediate cache, so you always get the current state of users, groups, and roles as they exist in Sophos Central.