Federated sign-in

You can allow your administrators and users to sign in to Sophos Central and Sophos Central Self Service Portal using their Sophos Central Admin sign-in credentials, their Microsoft sign-in credentials, or both.

Turning on federated sign-in in Sophos Central Admin also turns it on in the Sophos Central Self Service Portal.

Note: Sophos Central is not supported on mobile devices.

You can also add custom sign-in rules for specific administrators.

Go to Overview > Global Settings > Federated Sign-in.

Using Microsoft credentials to sign in

Before an administrator or user can sign in using their Microsoft credentials, the following must happen:

  • An Azure AD administrator must grant consent (permission) to use the credentials stored in your organization's Azure AD tenant to sign in to Sophos Central.

    This consent applies to Sophos Central Admin, Sophos Central Enterprise, and the Sophos Central Self Service Portal.

    Once an Azure AD administrator gives consent, your Azure AD tenant trusts Sophos Central, and your administrators and users can sign in with their Microsoft credentials.

    For help with granting consent in Azure, see Understanding Azure AD application consent experiences.

  • You need to turn on federated sign-in and choose which credentials your administrators and users use to sign in. See Turn on federated sign-in.

If you want your administrators and users to sign in using only their Microsoft credentials, you also need to know the following:

  • What happens if you change to using Sophos Central Admin sign-in credentials only?

    Administrators and users won't have a password set up to validate against. They need to use "Reset Password" to set a new password and then sign in.

  • Can administrators and users reset their passwords if you turn on Sign in with Microsoft credentials only?

    No, they won't receive reset password emails.

Note: Your administrators and users can sign in using their Microsoft credentials if the email address associated with their Sophos Central Admin credentials matches their Microsoft sign-in credentials.
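
A pre-flight check for the email-match condition above, worth running before you select Microsoft credentials only, because password reset emails are not sent in that mode. This is an added example, not Sophos code: the two CSV exports, their column names, and the case-insensitive comparison against userPrincipalName are assumptions.

```python
import csv
import io

# Constructed sample exports (not real data). Column names are assumptions.
SOPHOS_ADMINS_CSV = """email,role
Alice.Ng@example.com,SuperAdmin
bob@example.com,Admin
carol@example.org,Help Desk
"""
AZURE_USERS_CSV = """userPrincipalName,accountEnabled
alice.ng@example.com,true
bob@example.com,false
dave@example.com,true
"""


def _norm(addr):
    # Assumption: addresses are compared case-insensitively.
    return addr.strip().casefold()


def load_azure_identities(text):
    """Map normalized sign-in name -> True if the account is enabled."""
    return {
        _norm(row["userPrincipalName"]): row["accountEnabled"].strip().lower() == "true"
        for row in csv.DictReader(io.StringIO(text))
    }


def preflight(sophos_csv, azure_csv):
    """Sort Sophos Central accounts by whether a Microsoft sign-in can work."""
    azure = load_azure_identities(azure_csv)
    report = {"ok": [], "no_match": [], "disabled": []}
    for row in csv.DictReader(io.StringIO(sophos_csv)):
        email = _norm(row["email"])
        if email not in azure:
            report["no_match"].append(email)   # no matching Microsoft identity
        elif not azure[email]:
            report["disabled"].append(email)   # identity exists but cannot sign in
        else:
            report["ok"].append(email)
    return report


if __name__ == "__main__":
    for bucket, emails in preflight(SOPHOS_ADMINS_CSV, AZURE_USERS_CSV).items():
        print(f"{bucket}: {', '.join(emails) or '-'}")
```

Accounts listed under no_match or disabled would have no way to sign in once Microsoft credentials only is selected, so resolve them first.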

For more help on using Azure AD Federation and Sophos Central Admin, see Sophos Central Azure AD Federation and FAQ on Sophos Central Azure AD Federation.

Sophos Central Enterprise administrators and federated sign-in

Note: If an administrator is also an Enterprise admin, they can't use the same Microsoft sign-in credentials to sign in to both consoles.

If you create an Enterprise admin from an existing Sophos Central Admin account, the federated sign-in credentials and settings for that account are used for the Sophos Central Enterprise account.