Sync users in Sophos Central
You need to import users from your directory service.
To do this, you set up directory service synchronization in Sophos Central (if you haven't already done this).
Our instructions show how to set up synchronization from Azure AD to Sophos Central.
If you have on-premise Active Directory (AD), the steps depend on which identity provider (IdP) you plan to use for ZTNA:
- If your IdP will be Azure, synchronize from AD to Azure AD first (using Microsoft AD Connect). Then follow our instructions below.
- If your IdP will be Okta, follow the instructions in Set up synchronization with Active Directory.
To set up synchronization from Azure AD to Sophos Central, do as follows:
Sign in to Sophos Central.
Go to Global Settings. Under Administration, click Directory service.
Click Get started.
In Select directory service, select Azure AD Sync.
In Configure Azure Sync Settings, do as follows:
- In Step B: Configure Azure Sync Settings, enter the settings you used for your Azure tenant and click Test Connection.
In Step C: Select users and groups to include in the sync, choose which groups you want to sync.
The groups you select must be security enabled in Azure AD.
For more information on how to use the filters, see Filter users and groups in the Sophos Central Admin help.
Click Save & Sync in the upper right of the page.
Your user groups are imported. To check this, go to Overview > People and click the Groups tab.
To keep your groups synchronized with Sophos Central in future, you can set up scheduled synchronization. See "Set up your synchronization schedule" in Set up synchronization with Azure AD.
Next, set up an identity provider.