Configure Sophos Mobile Self Service Portal user management
- On the menu sidebar, under SETTINGS, click Setup > Sophos setup, and then click the User setup tab.
-
Under Device assignment, select what happens when you delete a user that is assigned to a device:
- Unassign user from device: The user assignment is removed. The device status is not changed.
- Unenroll and delete device: The device is unenrolled from Sophos Mobile and deleted.
- Unenroll device: The device is unenrolled from Sophos Mobile. The device status is changed to Unenrolled.
This setting is not available when you use external user management.
-
Under User management mode, select how Sophos Mobile manages user accounts:
- None. No SSP, user-specific policies, or LDAP administrators available.: User management is turned off. You can’t assign users to devices and you can’t use Sophos Mobile Self Service Portal.
- Internal directory: You create user accounts and user groups in Sophos Mobile.
- External LDAP directory: Sophos Mobile uses user accounts and user groups from an LDAP directory.
-
Azure AD federated authentication: You create user accounts and user groups in Azure Active Directory (Azure AD). When users sign in to Sophos Mobile Self Service Portal, they authenticate with Azure AD.
-
For external user management, click Configure external LDAP to configure the connection to your LDAP directory.
-
Click Save.
After you’ve set the user management mode, you can’t switch directly to a different mode. Instead, select None. No SSP, user-specific policies, or LDAP administrators available. to make all options available again.
Restriction
You can’t change the user management mode in the following situations:
- You have users assigned to devices.
- You have users assigned to Apple Business Manager apps.