Use Azure AD as an identity provider
You can use Azure AD as an identity provider.
You can use your Azure AD instance to verify the identities of your administrators when they sign in to Sophos Central Enterprise. You need to add Azure AD as an identity provider to do this.
If you want to use Azure AD as an identity provider, find your Tenant ID for your Azure AD instance. We need this to verify your administrators.
You must verify a domain first. See Verify a federated domain.
You must be an Enterprise Super Admin.
If you want to use federated sign-in as your sign-in option, you must ensure that all your administrators are assigned to a domain and have an identity provider.
You must do the following before you can add Azure AD as an identity provider:
Ensure you have an Azure Active Directory (AD) account with Microsoft. Azure AD is Microsoft’s cloud-based identity and access management service.
Get consent and authorization from your Azure AD admin to use your organization's Azure AD with Sophos Central.
Ensure you have a Sophos Central Enterprise account that matches your Azure AD account (the emails must match).
Azure AD consent
An Azure AD administrator must grant consent (permission) to use the credentials stored in your organization's Azure AD tenant to sign in to Sophos Central.
This consent applies to all Sophos Central products.
When an Azure AD administrator gives consent, it means your Azure AD tenant trusts Sophos Central, and you can add Azure AD as your identity provider.
For help with granting consent in Azure, see Understanding Azure AD application consent experiences.
Find your Tenant ID
You need to know the Tenant ID for your Azure AD instance before you can add Azure AD as an identity provider.
To find this, do as follows:
Go to your Azure AD configuration and open Custom domain names.
Make a note of the ID for your Tenant Domain.
You'll need to enter it when you set up Azure AD as an identity provider.
You can now add Azure AD as an identity provider. See Add an identity provider.