Share SafeGuard Enterprise key ring with mobile devices managed by Sophos Mobile

Encryption keys in the SafeGuard Enterprise key ring can be made available in the Sophos Secure Workspace app. Users of the app can then use the keys to decrypt and view documents, or to encrypt documents.

Key rings are synchronized between SafeGuard Enterprise and Sophos Mobile. No keys are stored on the Sophos Mobile server. Only the Sophos Secure Workspace app can decrypt the keys.

Requirements

These requirements must be met for key ring synchronization:

  • You have set up the integration in the SafeGuard Enterprise Management Center.
  • You use Sophos Mobile 6.1 or higher.
  • You have configured external user management for the Sophos Mobile Self Service Portal as described in the Sophos Mobile documentation, using the same Active Directory user database that is configured in SafeGuard Enterprise.
  • Sophos Secure Workspace is managed by Sophos Mobile.
  • You have set up the integration in Sophos Mobile.
  • In order to have the key ring available in Sophos Mobile, users have to log on at least once to SafeGuard Enterprise.

Features on mobile devices

Key ring synchronization includes these features:

  • The keys from a user's SafeGuard Enterprise key ring are available in the Sophos Secure Workspace key ring (SSW key ring).
  • Users can continue to use local keys that were available in their SSW key ring before you set up key ring synchronization.
  • After you set up key ring synchronization, users cannot create new local keys.
  • For security reasons, the keys from the SafeGuard Enterprise key ring are removed from a device when the Sophos container is locked.

For details, see Display recovery keys in SSW and Manage keys in SSW.