Follow these instructions to turn on federated sign-in and choose how your
administrators and users can sign in.
If you want your administrators and users to sign in using their Microsoft credentials, you must:
- Make sure you have an Azure Active Directory (AD) account with Microsoft. Azure AD is Microsoft’s
cloud-based identity and access management service.
- Get consent and authorization from your Azure AD admin to use your company’s Azure AD with Sophos Central.
- Make sure you have a Sophos Central account that matches your Azure AD
account (the emails must match).
- You must be a Super Admin to turn on federated sign-in.
To choose how your administrators and users sign in:
-
Click Federated Sign-in in Settings.
-
Make sure that an Azure AD admin has given consent for federated sign-in, if you want to allow
users to sign in using their Microsoft credentials.
Note If an Azure AD admin doesn't give permission for Sophos Central
to use federated sign-in before you turn on Sign in with Microsoft credentials only, federated
sign-in will fail.
-
Choose how you want your administrators and users to sign in.
If you choose Sign in with Microsoft credentials only you can
send an email to newly-added users to tell them how to sign in.
-
Add custom sign-in rules for specific administrators, if required.
-
If you want your administrators to sign-in using their Microsoft credentials only, we
recommend that you create a by-pass custom rule for one of the administrators. Click
Add Users
to do this.
-
Allow them to sign in using either their Sophos Central Admin
or Microsoft credentials.
-
Click Save.
