Taegis to Sophos Central User Role Mappings
This page lists all possible roles in Secureworks® Taegis™ XDR and defines how each role maps to Sophos Central user principals. It also details the requirements for Sophos Central user roles and permission sets.
Taegis XDR User Roles
Taegis XDR users access the platform with various permissions and roles:
- Predefined Roles:
  - Tenant Admin
  - Tenant Analyst
  - Tenant Responder
  - Tenant Auditor (read-only access)
- Custom Roles:
  - A Tenant Admin can create custom roles for each customer tenant.
Mapping Taegis XDR Roles to Central User Principals
When a Taegis XDR user accesses Sophos Central functionality from the Taegis XDR UI, they are mapped to a Central user principal based on their endpoint permissions. These Central pseudo-user principals are not based on the user’s actual identity, but rather on a functional mapping.
Note
Central roles for these pseudo-users are not visible or manageable in the Taegis UI and are assigned only the minimum permissions required to perform their tasks (least privilege) based on the user's Taegis role.
Taegis Role and Permission Mapping Table
| Taegis XDR Roles | Central Role |
|---|---|
| Tenant Admin | admin_taegis |
| Tenant Analyst, Tenant Responder | analyst_taegis |
| Tenant Auditor | readonly_taegis |
Custom Role Mapping
Custom Taegis roles are mapped based on the permissions they include:
- All 16 agent permissions: Maps to analyst_taegis
- Missing one or more of the 16, but includes both Add/Remove Tag and Isolate Agent: Maps to analyst_taegis
- Missing Add/Remove Tag or Isolate Agent: Maps to readonly_taegis
Note
You cannot create a Custom Role that has access to Live Response.
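The mapping rules above can be checked against a tenant's custom roles during a least-privilege review. The following is an added example, not Secureworks or Sophos code: the function names and the sample roles are constructed, and "View Agents" and "Export Agent List" are placeholder permission names (only Add/Remove Tag and Isolate Agent are named on this page).

```python
"""Resolve the Sophos Central pseudo-user role for a Taegis XDR role."""

# Predefined Taegis roles and their Central roles (from the mapping table).
PREDEFINED = {
    "Tenant Admin": "admin_taegis",
    "Tenant Analyst": "analyst_taegis",
    "Tenant Responder": "analyst_taegis",
    "Tenant Auditor": "readonly_taegis",
}

# The two agent permissions the custom-role rules hinge on.
GATING = frozenset({"Add/Remove Tag", "Isolate Agent"})


def central_role(role_name, permissions=None):
    """Return the Central role for a predefined role or a custom role's permissions."""
    if role_name in PREDEFINED:
        return PREDEFINED[role_name]
    if permissions is None:
        raise ValueError(f"custom role {role_name!r} needs its permission list")
    # Holding all 16 permissions implies holding both gating ones, so the
    # three documented rules reduce to this single subset test.
    return "analyst_taegis" if GATING <= set(permissions) else "readonly_taegis"


def audit(custom_roles):
    """Map each custom role to (Central role, gating permissions it lacks)."""
    report = {}
    for name, perms in custom_roles.items():
        missing = sorted(GATING - set(perms))
        report[name] = (central_role(name, perms), missing)
    return report


# Constructed sample roles; "View Agents" and "Export Agent List" are
# placeholder permission names, not taken from the Taegis permission list.
SAMPLE_ROLES = {
    "Tier1 Triage": ["View Agents", "Add/Remove Tag"],
    "Containment": ["Add/Remove Tag", "Isolate Agent"],
    "Reporting": ["View Agents", "Export Agent List"],
}

if __name__ == "__main__":
    for name, (role, missing) in audit(SAMPLE_ROLES).items():
        note = f" (missing: {', '.join(missing)})" if missing else ""
        print(f"{name:14} -> {role}{note}")
```

Under these rules a custom role resolves only to analyst_taegis or readonly_taegis, never to admin_taegis.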
Live Response Role and Permission Mapping
Live Response is a powerful tool for device investigation and should be scoped only to trusted operators. These personnel should have a Taegis Tenant Administrator role assigned.
Taegis™ XDR Endpoint Agent Permissions
There are 16 agent management permissions in the Taegis XDR application, assigned to the predefined roles as shown in the application. When designing custom roles, use these permissions to determine the Sophos Central role mapping.
Note
Due to the sensitivity of Live Response, you cannot create a Custom Role that has access to Live Response.
Frequently Asked Questions
Can I manage Central pseudo-user roles in the Central UI?
No. These roles are assigned automatically and are not visible or editable in Sophos Central.
How are custom roles mapped?
Custom roles are mapped based on the combination of endpoint permissions they include, following the rules above.