Turn on federated sign-in

Follow these instructions to turn on federated sign-in and choose how your administrators sign in.

If you want your administrators to sign in using their Microsoft credentials, you must:

  • Make sure you have an Azure Active Directory (AD) account with Microsoft. Azure AD is Microsoft’s cloud-based identity and access management service.
  • Get consent and authorization from your Azure AD admin to use your company’s Azure AD with Sophos Central Enterprise.
  • Make sure you have a Sophos Central Enterprise account that matches your Azure AD account (the emails must match).
  • Be an Enterprise Super Admin to turn on federated sign-in.

To choose how your administrators sign in:

  1. Click Federated Sign-in in Settings.
  2. Make sure that an Azure AD admin has given consent for federated sign-in, if you want to allow administrators to sign in using their Microsoft credentials.
    Note: If an Azure AD admin doesn't give permission for Sophos Central Enterprise to use federated sign-in before you turn on Sign in with Microsoft credentials only, federated sign-in will fail.
  3. Choose how you want your administrators to sign in.

    If you choose Sign in with Microsoft credentials only, you can send an email to newly added administrators to tell them how to sign in.

  4. Add custom sign-in rules for specific administrators, if required.
    1. If you want your administrators to sign in using their Microsoft credentials only, we recommend that you create a bypass custom rule for one of the administrators. Click Add Admins to do this.
    2. Allow them to sign in using either their Sophos Central Enterprise or Microsoft credentials.
  5. Click Save.
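
The prerequisites and the bypass recommendation above can be checked before you select Sign in with Microsoft credentials only. The following is an added example, not Sophos code: it compares a list of Sophos Central Enterprise administrators with a list of Azure AD accounts and reports who would be unable to sign in. The CSV column names, the sample data and the case-insensitive comparison are assumptions.

```python
"""Pre-flight check before selecting 'Sign in with Microsoft credentials only'.
All data below is constructed; export formats and column names are assumptions."""
import csv
import io

# Constructed sample exports (hypothetical column names).
SOPHOS_ADMINS_CSV = """email,role
alice@example.com,Enterprise Super Admin
Bob@Example.com,Enterprise Admin
carol@example.com,Enterprise Admin
"""
AZURE_AD_USERS_CSV = """mail
alice@example.com
bob@example.com
carol@corp.example.com
"""

def _emails(csv_text, column):
    """Return the normalized set of addresses found in one CSV column."""
    rows = csv.DictReader(io.StringIO(csv_text))
    # Assumption: addresses are compared case-insensitively after trimming.
    return {(r.get(column) or "").strip().casefold() for r in rows} - {""}

def preflight(sophos_csv, azure_csv, bypass_admins, consent_granted):
    """Return a list of findings; an empty list means no blocker was found."""
    findings = []
    sophos = _emails(sophos_csv, "email")
    azure = _emails(azure_csv, "mail")
    bypass = {b.strip().casefold() for b in bypass_admins}
    if not consent_granted:
        findings.append("Azure AD admin consent not recorded: federated sign-in will fail")
    # Admins whose Sophos email has no Azure AD match cannot use Microsoft sign-in.
    for addr in sorted(sophos - azure):
        if addr not in bypass:
            findings.append(f"{addr}: no matching Azure AD account and no bypass rule")
    # The page recommends a bypass custom rule for one administrator.
    if not (bypass & sophos):
        findings.append("no administrator has a bypass custom rule")
    return findings

if __name__ == "__main__":
    for line in preflight(SOPHOS_ADMINS_CSV, AZURE_AD_USERS_CSV, [], True):
        print(line)
```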