Skip to content

Set up Federated sign-in

You can configure federated authentication to provide a Service Provider Initiated (SP-initiated) single-sign-in for your administrators.

You can allow your administrators to sign in to Sophos Central Enterprise using federated sign-in. Alternatively, you can let them choose between their Sophos Central Enterprise email and password or federated sign-in.

If you choose federated sign-in, Sophos Central Enterprise verifies their identities using an identity provider.

You must be an Enterprise Super Admin.


If you want to use federated sign-in as your sign-in option, you must ensure that all your administrators are assigned to a domain and have an identity provider.

You must set up federated sign-in in this order:

  1. Verify a domain. See Verify a federated domain.
  2. Set up a federation identity provider. See Add an identity provider.
  3. Choose your sign-in settings. See Sophos sign-in settings.