Skip to content

Page permalink

Always use the following permalink when referencing this page. It will remain unchanged in future help versions.

https://docs.sophos.com/central/customer/help/en-us/index.html?contextId=SSO-Azure-AD

Use Microsoft Entra ID as an identity provider

You can use your Microsoft Entra ID instance to verify the identities of your administrators and users when they sign in to Sophos Central products. You need to add Microsoft Entra ID as an identity provider to do this.

If you want to use Microsoft Entra ID as an identity provider, find your Tenant ID for your Microsoft Entra ID instance. We need this to verify your users and administrators.

Requirements

You must verify a domain first. See Verify a federated domain.

You must be a Super Admin.

Warning

If you want to use federated sign-in as your sign-in option, you must ensure that all your administrators and users are assigned to a domain and have an identity provider.

Before you can add Microsoft Entra ID as an identity provider, you must do as follows:

  • Make sure you have a Microsoft Entra ID account.
  • Get consent and authorization from your Microsoft Entra ID admin to use your organization's Microsoft Entra ID with Sophos Central.
  • Ensure you have a Sophos Central account that matches your Microsoft Entra ID account (the emails must match).

A Microsoft Entra ID administrator must grant consent to use the credentials stored in your organization's Microsoft Entra ID tenant to sign in to Sophos Central. See Consent experience for applications in Microsoft Entra ID.

This consent applies to all Sophos Central products.

When a Microsoft Entra ID administrator gives consent, it means your Microsoft Entra ID tenant trusts Sophos Central, and you can add Microsoft Entra ID as your identity provider.

Find your Tenant ID

You need to know the Tenant ID before you can add Microsoft Entra ID as an identity provider.

To find your Tenant ID, do as follows:

  1. From the Microsoft Azure portal menu, select Microsoft Entra ID. The Overview page appears.

  2. In the Basic information section, find your Tenant ID. This is the ID for your tenant domain.

    You'll need to enter it when you set up Microsoft Entra ID as an identity provider.

To add Microsoft Entra ID as an identity provider, see the following topics: