Use Microsoft AD FS as an identity provider

You can add Microsoft AD FS as an identity provider.

You can use Microsoft AD FS to verify the identities of your administrators when they sign in to Sophos Central Partner. You need to add Microsoft AD FS as an identity provider to do this.

Requirements

You must be a Partner Super Admin.

Warning

If you want to use federated sign-in as your sign-in option, you must make sure that all your administrators are assigned to a domain and have an identity provider.

You must verify a domain first. See Verify a federated domain.

AD FS is a service provided by Microsoft on Windows Server. It allows you to authenticate using existing Active Directory credentials.

If you want to use AD FS as an identity provider, you must do the following:

  • Ensure you have an AD FS server.
  • Ensure that your Sophos Central administrators are in the Active Directory forest that you want to use for authentication.
  • Ensure that the emails in the forest match those assigned to your administrators in Sophos Central Partner.
  • Get consent and authorization from your AD admin to use your organization's AD with Sophos Central.
  • Find your Microsoft AD FS metadata URL.
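
One way to check the email prerequisite before switching to federated sign-in is the PowerShell script below. It is an added example, not part of the Sophos documentation. It assumes the RSAT ActiveDirectory module, a hypothetical `admins.csv` file with an `Email` column listing your Sophos Central Partner administrators, a placeholder global catalog host name, and that matching is done on the AD `mail` attribute.

```powershell
# Added example: confirm each administrator email maps to exactly one
# enabled user in the AD forest. File name, column name and host name
# are assumptions, not values from the Sophos documentation.
param(
    [string]$CsvPath       = '.\admins.csv',     # hypothetical list of administrator emails
    [string]$GlobalCatalog = 'gc.example.com'    # placeholder global catalog server
)

Import-Module ActiveDirectory

# Escape LDAP filter metacharacters (RFC 4515) so a CSV value cannot alter the query.
function ConvertTo-LdapLiteral([string]$Value) {
    $Value.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29')
}

$results = foreach ($row in Import-Csv -Path $CsvPath) {
    $email  = $row.Email.Trim()
    $filter = "(&(objectCategory=person)(objectClass=user)(mail=$(ConvertTo-LdapLiteral $email)))"

    # Port 3268 is the global catalog, so every domain in the forest is searched.
    $users = @(Get-ADUser -LDAPFilter $filter -Server "${GlobalCatalog}:3268" -Properties mail)

    $status = if ($users.Count -eq 0) {
        'NotFound'      # no AD account carries this address
    } elseif ($users.Count -gt 1) {
        'Duplicate'     # ambiguous: more than one account shares the address
    } elseif (-not $users[0].Enabled) {
        'Disabled'      # account exists but cannot authenticate
    } else {
        'OK'
    }

    [pscustomobject]@{
        Email  = $email
        Status = $status
        Users  = ($users.DistinguishedName -join '; ')
    }
}

$results | Format-Table -AutoSize

# Exit non-zero if any administrator would fail to match.
if ($results | Where-Object Status -ne 'OK') { exit 1 }
```

Resolve any row that is not `OK` before you make federated sign-in the sign-in option, because the warning above requires every administrator to be assigned to a domain and have an identity provider.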

Microsoft AD FS metadata URL

You need to know your Microsoft AD FS metadata URL before adding Microsoft AD FS as an identity provider. To find this, do as follows:

  1. Go to Federation Metadata Explorer.
  2. Follow the on-screen instructions to get your AD FS metadata.
  3. Make a note of your Microsoft AD FS metadata URL. You need it to set up AD FS as an identity provider.

You can now add AD FS as an identity provider. See Add an identity provider.

For general help on Microsoft AD FS, see AD FS help.