Sync users in Sophos Central
You need to import users from your directory service.
To do this, you set up directory service synchronization in Sophos Central (if you haven't already done this).
If you're using Okta as the identity provider, you must synchronize user groups in on-premises Active Directory (AD) with both Sophos Central and Okta.
Our instructions show how to set up synchronization from Microsoft Entra ID (Azure AD) to Sophos Central.
Note
If you have on-premises Active Directory (AD), the steps depend on which identity provider (IdP) you plan to use for ZTNA:
- If your IdP will be Azure, synchronize from AD to Microsoft Entra ID (Azure AD) first (using Microsoft AD Connect). Then follow our instructions below.
- If your IdP will be Okta, follow the instructions in Set up synchronization with Active Directory.
To set up synchronization from Microsoft Entra ID (Azure AD) to Sophos Central, do as follows:
-
Sign in to Sophos Central.
-
Go to My Products > General Settings.
- Under Administration, click Directory service.
-
Click Get started.
-
In Select directory service, select Microsoft Entra ID (Azure AD) Sync.
-
In Configure Azure Sync Settings, do as follows:
- In Step B: Configure Azure Sync Settings, enter the settings you used for your Azure tenant and click Test Connection.
-
In Step C: Select users and groups to include in the sync, choose which groups you want to sync.
The groups you select must be security enabled in Microsoft Entra ID (Azure AD).
For more information on how to use the filters, see Filter users and groups in the Sophos Central Admin help.
-
Click Save & Sync in the upper right of the page.
-
Your user groups are imported. To check this, go to People > Manage Users and Groups and click the Groups tab.
To keep your groups synchronized with Sophos Central in future, you can set up scheduled synchronization. See "Set up your synchronization schedule" in Set up synchronization with Microsoft Entra ID (Azure AD).
Next, set up an identity provider.