Sophos sign-in settings

You can allow your administrators to sign in using their Sophos Central Partner email and password, federated sign-in, or both.

You can set up custom rules for administrators who need different access.

Requirements

You must be a Partner Super Admin.

If you want to use federated sign-in, you need to set up a domain and an identity provider. You can assign a user to only one domain and one identity provider. See Set up Federated sign-in.

If you choose federated sign-in as your only sign-in option, you need to know the following:

  • You must ensure that all your administrators are assigned to a domain and have an identity provider.
  • Administrators can't reset their passwords. To let them reset their passwords, you need to turn off the federated sign-in only option.
  • If you change to using Sophos Central Partner email and password only, administrators won't have a password set up that they can use to sign in. They need to use "Reset Password" to set a new password and sign in.

Set up Sophos sign-in settings

Note

If you make changes to these settings, you're automatically added to a custom sign-in rule that allows you to sign in with your Sophos Central Partner email and password.

To choose how your administrators sign in, do as follows:

  1. Go to Settings & Policies > Sophos sign-in settings.
  2. Choose how you want your administrators to sign in.
  3. Add custom sign-in rules for specific administrators, if required.
  4. Click Save.

The options you choose here affect what your administrators see when they sign in. See Sign-in options.

Add custom rules

You can set up custom rules for administrators who need different access.

To do this, do as follows:

  1. Go to Settings & Policies > Sophos sign-in settings.
  2. Click Add custom rule.
  3. In Selected Users, add the administrators you want the custom rule to apply to.
  4. Choose how you want them to sign in and click Save.

The rule appears in Sophos sign-in settings. It shows the names of the administrators and the sign-in settings that apply to them.

Expand Multi-factor Authentication Coverage

You must be a Partner Super Admin to use this feature.

Note

You can't turn this feature off after you turn it on.

Expand MFA Coverage: This setting enables an MFA prompt for managed users when they sign in to any Sophos Central application that didn't previously require MFA. For example, managed users who haven't previously set up MFA get an MFA prompt when they sign in to the Self Service Portal, Partner Portal, or Sophos Support Portal.

If a user has access to multiple Sophos portals, then any portal that opts in for expanded MFA coverage results in expanded MFA requirements for that user.

Make sure you click Save when you turn this setting on.