Skip to content

Page permalink

Always use the following permalink when referencing this page. It will remain unchanged in future help versions.

https://docs.sophos.com/central/partner/help/en-us/index.html?contextId=sign-in-Azure-AD

Use Microsoft Entra ID (Azure AD) as an identity provider

You can use Microsoft Entra ID (Azure AD) as an identity provider.

You can use your Microsoft Entra ID (Azure AD) instance to verify the identities of your administrators when they sign in to Sophos Central Partner. You need to add Microsoft Entra ID (Azure AD) as an identity provider to do this.

If you want to use Microsoft Entra ID (Azure AD) as an identity provider, find your Tenant ID for your Microsoft Entra ID (Azure AD) instance. We need this to verify your users and administrators.

Requirements

You must verify a domain first. See Verify a federated domain.

You must be a Partner Super Admin.

Warning

If you want to use federated sign-in as your sign-in option, you must ensure that all your administrators are assigned to a domain and have an identity provider.

You must do the following before you can add Microsoft Entra ID (Azure AD) as an identity provider:

  • Ensure you have a Microsoft Entra ID (Azure AD) account with Microsoft. Microsoft Entra ID (Azure AD) is Microsoft’s cloud-based identity and access management service.
  • Get consent and authorization from your Microsoft Entra ID (Azure AD) admin to use your organization's Microsoft Entra ID (Azure AD) with Sophos Central.
  • Ensure you have a Sophos Central Partner account that matches your Microsoft Entra ID (Azure AD) account (the emails must match).

A Microsoft Entra ID (Azure AD) administrator must grant consent (permission) to use the credentials stored in your organization's Microsoft Entra ID (Azure AD) tenant to sign in to Sophos Central.

This consent applies to all Sophos Central products.

When a Microsoft Entra ID (Azure AD) administrator gives consent, it means your Microsoft Entra ID (Azure AD) tenant trusts Sophos Central, and you can add Microsoft Entra ID (Azure AD) as your identity provider.

For help with granting consent in Azure, see Consent experience for applications in Microsoft Entra ID (Azure AD).

Find your Tenant ID

You need to know the Tenant ID for your Microsoft Entra ID (Azure AD) instance before you can add Microsoft Entra ID (Azure AD) as an identity provider.

To find this, do as follows:

  1. Go to your Microsoft Entra ID (Azure AD) configuration and open Custom domain names.

  2. Make a note of the ID for your Tenant Domain.

    You'll need to enter it when you set up Microsoft Entra ID (Azure AD) as an identity provider.

You can now add Microsoft Entra ID (Azure AD) as an identity provider. See Add an identity provider.