Follow these instructions to turn on federated sign-in and choose how your
administrators sign in.
If you want your administrators to sign in using their Microsoft credentials, you must:
- Make sure you have an Azure Active Directory (AD) account with Microsoft. Azure AD is Microsoft’s
cloud-based identity and access management service.
- Get consent and authorization from your Azure AD admin to use your company’s Azure AD with Sophos Central Enterprise.
- Make sure you have a Sophos Central Enterprise account that matches
your Azure AD account (the emails must match).
- You must be a Enterprise Super Admin to turn
on federated sign-in.
To choose how your administrators sign in:
-
Click Federated Sign-in in Settings.
-
Make sure that an Azure AD admin has given consent for federated sign-in, if you want to allow
administrators to sign in using their Microsoft credentials.
Note If an Azure AD admin doesn't give permission for Sophos Central Enterprise to use federated sign-in before you turn on
Sign in with Microsoft credentials only, federated sign-in will fail.
-
Choose how you want your administrators to sign in.
If you choose Sign in with Microsoft credentials only you can
send an email to newly-added administrators to tell them how to sign in.
-
Add custom sign-in rules for specific administrators, if required.
-
If you want your administrators to sign in using their Microsoft credentials only, we
recommend that you create a by-pass custom rule for one of the administrators. Click
Add Users
to do this.
-
Allow them to sign in using either their Sophos Central Enterprise or Microsoft credentials.
-
Click Save.