If you’ve set up federated authentication you can configure an LDAP connection between Sophos Mobile and Azure Active Directory (Azure AD). You must do this if you want to use Apple Business Manager, Google zero-touch, or Samsung KME.
The following devices enroll automatically with Sophos Mobile when users set them up:
- Apple Business Manager managed iPhones, iPads, and Macs
- Android devices registered for Google zero-touch enrollment
- Samsung Android devices registered for Knox Mobile Enrollment (KME)
During the enrollment process, Sophos Mobile connects to Azure AD to authenticate the user.
To configure an LDAP connection:
- On the menu sidebar, under SETTINGS, click , and then click the LDAP connection tab.
- Click Configure external LDAP.
- On the Server details page, configure the following settings:
  - In the Primary URL field, enter the IP address or name of the primary directory server. The server must support LDAPS (LDAP over SSL/TLS).
  - Optional: In the Secondary URL field, enter the IP address or name of a directory server Sophos Mobile uses as fallback in case the primary server isn’t available.
  - In the User and Password fields, enter the credentials Sophos Mobile uses to authenticate with the LDAP server. Use one of the following formats:
    - <domain>\<user name>
    - <user name>@<domain>.<domain code>
    Note: For security reasons, we recommend you select an account with no write permissions for the directory.
- On the Search base page, enter the distinguished name (DN) of the search base object. The search base object defines the location in the directory from which the LDAP search begins.
- Click Apply.
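Before entering the server and bind account into Sophos Mobile, it helps to confirm that the directory really accepts an LDAPS simple bind with those credentials and a certificate that validates. The script below is an added example, not part of the Sophos documentation or product: it hand-encodes a minimal LDAPv3 simple bind (RFC 4511) over a certificate-verified TLS socket and returns the server's resultCode. The host name, account name and password you pass to it are placeholders you replace with your own.

```python
import socket
import ssl


def ber_len(n: int) -> bytes:
    """BER definite-form length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, payload: bytes) -> bytes:
    return bytes([tag]) + ber_len(len(payload)) + payload


def read_tlv(buf: bytes, pos: int = 0):
    """Decode one TLV at pos; return (tag, payload, position after it)."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:
        length, start = first, pos + 2
    else:
        n = first & 0x7F
        length, start = int.from_bytes(buf[pos + 2:pos + 2 + n], "big"), pos + 2 + n
    return tag, buf[start:start + length], start + length


def build_simple_bind(message_id: int, bind_name: str, password: str) -> bytes:
    """LDAPv3 simple BindRequest (RFC 4511 section 4.2) inside an LDAPMessage.
    bind_name may be DOMAIN\\user or user@domain.tld, the same formats the UI accepts."""
    bind = (tlv(0x02, b"\x03")                     # version INTEGER 3
            + tlv(0x04, bind_name.encode())        # name LDAPDN (OCTET STRING)
            + tlv(0x80, password.encode()))        # authentication [0] simple
    return tlv(0x30, tlv(0x02, bytes([message_id])) + tlv(0x60, bind))  # [APPLICATION 0]


def parse_bind_result(data: bytes) -> int:
    """Return resultCode from a BindResponse (0 = success, 49 = invalidCredentials)."""
    tag, msg, _ = read_tlv(data)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, _, pos = read_tlv(msg)                      # skip messageID
    tag, resp, _ = read_tlv(msg, pos)
    if tag != 0x61:                                # BindResponse is [APPLICATION 1]
        raise ValueError("not a BindResponse")
    tag, code, _ = read_tlv(resp)
    if tag != 0x0A:                                # resultCode is ENUMERATED
        raise ValueError("missing resultCode")
    return int.from_bytes(code, "big")


def ldaps_bind_check(host: str, user: str, password: str, port: int = 636) -> int:
    """Open a certificate-verified LDAPS session, send one simple bind, return resultCode."""
    ctx = ssl.create_default_context()             # verifies chain and host name, as LDAPS requires
    with socket.create_connection((host, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            tls.sendall(build_simple_bind(1, user, password))
            return parse_bind_result(tls.recv(4096))
```

Run `ldaps_bind_check("ldap.example.com", r"CORP\svc-sophos-ldap", "<password>")` with your own values; 0 means the bind account works over LDAPS, 49 means the directory rejected the credentials, and a TLS error means Sophos Mobile will not trust the server's certificate either.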