Use Microsoft AD FS as an identity provider
This option may not be available to all customers yet.
You can add Microsoft AD FS as an identity provider.
You can use Microsoft AD FS to verify the identities of your administrators and users when they sign in to Sophos Central products. You need to add Microsoft AD FS as an identity provider to do this.
You must be a Super Admin.
If you want to use federated sign-in as your sign-in option, you must make sure that all your administrators and users are assigned to a domain and have an identity provider.
You must verify a domain first. See Verify a federated domain.
AD FS is a service provided by Microsoft on Windows Server. It allows you to authenticate using existing Active Directory credentials.
If you want to use AD FS as an identity provider, you must do the following:
- Ensure you have an AD FS server.
- Ensure that your Sophos Central administrators and users are in the Active Directory forest that you want to use for authentication.
- Ensure that the email addresses in the forest match those assigned to your administrators and users in Sophos Central.
- Get consent and authorization from your AD admin to use your organization's AD with Sophos Central.
- Find your Microsoft AD FS metadata URL.
Microsoft AD FS metadata URL
You need to know your Microsoft AD FS metadata URL before adding Microsoft AD FS as an identity provider. To find this, do as follows:
- Go to Federation Metadata Explorer.
- Follow the on-screen instructions to get your AD FS metadata.
- Make a note of your Microsoft AD FS metadata URL. You need it to set up AD FS as an identity provider.
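Before you hand the URL over, it helps to confirm what the metadata document actually publishes. The following is an added example, not part of the Sophos or Microsoft procedure: it checks a metadata URL and a copy of the document you saved from it, and returns the signing certificate fingerprint so your AD admin can confirm it out of band. The host `adfs.example.com`, the sample document and the function name `review_metadata` are constructed for illustration, and the URL path shown is the conventional AD FS location, assumed here.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample: the hostname and the "certificate" bytes are made up.
SAMPLE_URL = "https://adfs.example.com/FederationMetadata/2007-06/FederationMetadata.xml"
SAMPLE_CERT = b"constructed-bytes-not-a-real-certificate"
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
  entityID="http://adfs.example.com/adfs/services/trust">
 <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <KeyDescriptor use="signing"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
   <X509Data><X509Certificate>{base64.b64encode(SAMPLE_CERT).decode()}</X509Certificate></X509Data>
  </KeyInfo></KeyDescriptor>
  <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
    Location="https://adfs.example.com/adfs/ls/"/>
 </IDPSSODescriptor>
</EntityDescriptor>"""

def review_metadata(url, xml_text):
    """Return (summary, problems) for a metadata URL and the document it served."""
    problems = []
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        problems.append("metadata URL must be an https:// URL with a host")
    if "<!DOCTYPE" in xml_text.upper():
        # Refuse DTDs so entity-expansion tricks never reach the parser.
        return {}, problems + ["metadata contains a DOCTYPE; not parsed"]
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        return {"entity_id": root.get("entityID")}, problems + ["no IDPSSODescriptor"]
    endpoints = [e.get("Location") for e in idp.findall("md:SingleSignOnService", NS)]
    problems += [f"sign-in endpoint is not https: {loc}" for loc in endpoints
                 if urlsplit(loc or "").scheme != "https"]
    prints = []
    for key in idp.findall("md:KeyDescriptor", NS):
        if key.get("use") in (None, "signing"):  # no 'use' means both purposes
            for cert in key.findall(".//ds:X509Certificate", NS):
                der = base64.b64decode("".join((cert.text or "").split()))
                prints.append(hashlib.sha256(der).hexdigest())
    if not prints:
        problems.append("no signing certificate published")
    return {"entity_id": root.get("entityID"), "sso_endpoints": endpoints,
            "signing_cert_sha256": prints}, problems
```

Call `review_metadata(url, xml_text)` with your own URL and the saved document; an empty problems list means the URL is HTTPS, the sign-in endpoints are HTTPS, and at least one signing certificate is published.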
You can now add AD FS as an identity provider. See Add an identity provider.
For general help on Microsoft AD FS, see AD FS help.