Set up synchronization with Azure Active Directory

Follow these instructions to synchronize with Azure Active Directory.

You need:
  • A Microsoft Azure subscription.
  • Azure Active Directory.
Caution You can use either Azure Active Directory synchronization or Active Directory Sync. You can't set up Azure Active Directory synchronization if you are already using Active Directory Sync.

To configure Azure Active Directory synchronization:

  1. Set up your Azure applications. To do this follow the instructions in Prerequisites to access the Azure Active Directory reporting API and the instructions in the next two steps.
  2. In To register an Azure AD application, do as follows:
    1. Enter a Name.
    2. Enter https://central.sophos.com in Redirect URI.
  3. In Get your application’s client secret, do as follows:
    1. Enter a description and expiry date.
    2. Make a note of your Client secret and Secret expiration date.
    3. Make a note of your Application (client) ID and Primary Domain.
  4. In Sophos Central, in the left-hand pane, select Settings.
  5. On the Settings page, under Administration, select Azure AD Sync Settings/Status.
  6. On the Azure Sync Settings/Status page, select Edit.
  7. In the Edit Azure AD Sync dialog box, enter the following information, which you obtained when you set up your Azure applications:
    • Client ID
    • Tenant Domain
    • Application Key (client secret)
    • Application Key Expiration

    You do not have to set the expiration date. We recommend that you do enter it so that Sophos Central can send you notifications of when your key is about to expire.

  8. Select Test Connection to validate the Azure Sync connection.
  9. Select Save.
  10. On the next menu, select Sync to import users.

    Synchronization starts. This process may take some time.