Federated sign-in

You must be an Enterprise Super Admin to turn on federated sign-in for your administrators.

You can allow your administrators to sign in to Sophos Central Enterprise using their Sophos Central Enterprise sign-in credentials, their Microsoft sign-in credentials, or both.

If you turn on federated sign-in for Sophos Central Enterprise it doesn't apply to your sub-estates.

Restriction An Enterprise admin can't use the same Microsoft sign-in credentials to sign in to Sophos Central Admin.
Note Sophos Central Enterprise is not supported on mobile devices.

You can also add custom sign-in rules for specific administrators.

Using Microsoft credentials to sign in

Before an administrator can sign in using their Microsoft credentials, the following must happen:

  • An Azure AD administrator must grant consent (permission) to use the credentials stored in your organization's Azure AD tenant to sign in to Sophos Central.

    This consent applies to Sophos Central Admin, Sophos Central Enterprise and the Self-Service Portal.

    Once an Azure AD administrator gives consent, it means your Azure AD tenant trusts Sophos Central and your administrators can sign in with their Microsoft credentials.

  • You need to turn on federated sign-in. You need to choose which credentials your administrators use to sign in.

If you want to allow your administrators to use their Microsoft credentials only to sign in, you also need to know the following:

  • What happens if you change to using Sophos Central Enterprise sign-in credentials only?

    Administrators won't have a password set up to validate against. They need to use "Reset Password" to set a new password and then sign in.

  • Can administrators reset their passwords if you turn on Sign in with Microsoft credentials only?

    No, they won't receive reset password emails.

Note Your administrators can sign in using their Microsoft credentials if the email address associated with their Sophos Central Enterprise credentials matches their Microsoft sign-in credentials.