Follow these instructions to synchronize with Azure Active Directory.
You need:
- A Microsoft Azure subscription.
- Azure Active Directory.
Caution: You can use either Azure Active Directory synchronization or Active Directory Sync. You can't set up Azure Active Directory synchronization if you are already using Active Directory Sync.
To configure Azure Active Directory synchronization:
- Set up your Azure applications. To do this, follow the instructions in "Prerequisites to access the Azure Active Directory reporting API" and the instructions in the next two steps.
- In "To register an Azure AD application", do as follows:
  - Enter a Name.
  - Enter https://central.sophos.com in Redirect URI.
- In "Get your application's client secret", do as follows:
  - Enter a description and expiry date.
  - Make a note of your Client secret and Secret expiration date.
- Make a note of your Application (client) ID and Primary Domain.
- In Sophos Central, in the left-hand pane, select Settings.
- On the Settings page, under Administration, select Azure AD Sync Settings/Status.
- On the Azure Sync Settings/Status page, select Edit.
- In the Edit Azure AD Sync dialog box, enter the following information, which you obtained when you set up your Azure applications:
  - Client ID
  - Tenant Domain
  - Application Key (client secret)
  - Application Key Expiration

  You do not have to set the expiration date. We recommend that you enter it so that Sophos Central can notify you when your key is about to expire.
- Select Test Connection to validate the Azure Sync connection.
- Select Save.
- On the next menu, select Sync to import users.

  Synchronization starts. This process may take some time.