Turn on federated sign-in

Follow these instructions to turn on federated sign-in and choose how your administrators and users can sign in.

If you want your administrators and users to sign in using their Microsoft credentials, you must:

  • Make sure you have an Azure Active Directory (AD) account with Microsoft. Azure AD is Microsoft’s cloud-based identity and access management service.
  • Get consent and authorization from your Azure AD admin to use your company’s Azure AD with Sophos Central.
  • Make sure you have a Sophos Central account that matches your Azure AD account (the emails must match).
  • Be a Super Admin to turn on federated sign-in.

To choose how your administrators and users sign in:

  1. Click Federated Sign-in in Settings.
  2. Make sure that an Azure AD admin has given consent for federated sign-in, if you want to allow users to sign in using their Microsoft credentials.
    Note: If an Azure AD admin doesn't give permission for Sophos Central to use federated sign-in before you turn on Sign in with Microsoft credentials only, federated sign-in will fail.
  3. Choose how you want your administrators and users to sign in.

    If you choose Sign in with Microsoft credentials only, you can send an email to newly added users to tell them how to sign in.

  4. Add custom sign-in rules for specific administrators, if required.
    1. If you want your administrators to sign in using their Microsoft credentials only, we recommend that you create a bypass custom rule for one of the administrators. Click Add Admins to do this.
    2. Allow them to sign in using either their Sophos Central Admin or Microsoft credentials.
  5. Click Save.