Set up users and directories
The key steps to set up users and directories in Protected Browser are as follows:
- Set up users in Sophos Central.
- Configure federated sign-in.
- Specify the Sophos sign-in settings.
Requirements
All Protected Browser users must have access to Sophos Self Service Portal (SSP).
If you're using a directory service and want to give access to all synchronized users, give SSP access before you synchronize users from the directory service. See Give access for all users.
If you want to give SSP access only to specific users, you must do it after you've completed the synchronization. See Give access to specific users.
Set up users in Sophos Central
You can automatically synchronize users from your directory service. If you want to add users that aren't in your directory service, you can manually add them to Sophos Central.
See the instructions for your directory service:
- For on-premises Active Directory, see Download setup software and validate credentials.
- For Okta, you must first synchronize users from Okta to Active Directory, then follow the Active Directory synchronization instructions. See Download setup software and validate credentials.
- For Microsoft Entra ID, see Set up synchronization with Microsoft Entra ID.
  Restriction: Make sure all your Microsoft Entra ID users have an email address, and the values in the Email and User principal name fields are the same.
- To manually add users to Sophos Central, see Add a user manually.
Restriction: Protected Browser doesn't support the Google directory service.
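A pre-synchronization check for the Microsoft Entra ID restriction above, as an added example that is not part of Sophos's documentation. It assumes a user export shaped like Microsoft Graph user objects (`userPrincipalName`, `mail`); the sample records are constructed, and case-only differences are reported separately because this page doesn't say whether the comparison is case-sensitive.

```python
import json

# Constructed sample data, shaped like Microsoft Graph user objects (assumption).
SAMPLE_USERS = json.loads("""
[
  {"displayName": "Ana Diaz", "userPrincipalName": "ana@example.com", "mail": "ana@example.com"},
  {"displayName": "Ben Cole", "userPrincipalName": "ben@example.com", "mail": null},
  {"displayName": "Cy Moss",  "userPrincipalName": "cy@example.com",  "mail": "Cy@Example.com"},
  {"displayName": "Dee Park", "userPrincipalName": "dee@example.onmicrosoft.com", "mail": "dee@example.com"}
]
""")


def classify(user):
    """Return 'ok', 'missing_email', 'case_differs' or 'mismatch' for one user."""
    upn = (user.get("userPrincipalName") or "").strip()
    mail = (user.get("mail") or "").strip()
    if not mail:
        return "missing_email"   # the restriction requires an email address
    if mail == upn:
        return "ok"              # Email and User principal name are identical
    if mail.casefold() == upn.casefold():
        return "case_differs"    # same address, different letter case: review manually
    return "mismatch"            # Email and User principal name differ


def audit(users):
    """Group user principal names by classification result."""
    report = {"ok": [], "missing_email": [], "case_differs": [], "mismatch": []}
    for user in users:
        report[classify(user)].append(user.get("userPrincipalName"))
    return report


if __name__ == "__main__":
    # Print only the accounts that need fixing before synchronization.
    for status, upns in audit(SAMPLE_USERS).items():
        if status != "ok":
            for upn in upns:
                print(f"{status}: {upn}")
```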
Configure federated sign-in
If you're using a cloud identity provider, you must set up federated sign-in as follows:
- Verify a domain. See Verify a federated domain.
- Add an identity provider. See the following instructions for your identity provider:
  - For Microsoft Entra ID, see Add Microsoft Entra ID as an identity provider.
  - For Okta, see Add Open ID Connect as an identity provider.
Specify the Sophos sign-in settings
Specify the user sign-in method for Protected Browser as follows:
- Click the General Settings icon, then click Sophos sign-in settings.
- Select one of the following options:
  - Federated credentials only: Select this option if you're only using a cloud identity provider and haven't manually added users in Sophos Central.
  - Sophos Central Admin or Federated credentials: Select this option if you're using a cloud identity provider and have also manually added users in Sophos Central.
- Click Save.
Next, give SSP access to users if you haven't already. See Give Self Service Portal access.