Skip to content

Set up Federated sign-in

You can configure federated authentication to provide a Service Provider Initiated (SP-initiated) single-sign-in for your administrators and users.

You can allow your administrators to sign in to Sophos Central Enterprise using federated sign-in. Alternatively, you can let them choose between Sophos Central Admin email and password or federated sign-in.

If you choose federated sign-in, Sophos Central verifies their identities using an identity provider.

You must be a Super Admin.


If you want to use federated sign-in as your sign-in option, you must ensure that all your administrators and users are assigned to a domain and have an identity provider.

You must set up federated sign-in in this order:

  1. Verify a domain. See Verify a federated domain.
  2. Set up a federation identity provider. See Add the identity provider (Entra ID/Open IDC/ADFS).
  3. Choose your sign-in settings. See Sophos sign-in settings.