Configure Sophos Mobile Self Service Portal user management

1. On the menu sidebar, under SETTINGS, click Setup > Sophos setup, and then click the User setup tab.

2. Under Device assignment, select what happens when you delete a user that is assigned to a device:

   • Unassign user from device: The user assignment is removed. The device status is not changed.
   • Unenroll and delete device: The device is unenrolled from Sophos Mobile and deleted.
   • Unenroll device: The device is unenrolled from Sophos Mobile. The device status is changed to Unenrolled.

   This setting is not available when you use external user management.

3. Under User management mode, select how Sophos Mobile manages user accounts:

   • None. No SSP, user-specific policies, or LDAP administrators available.: User management is turned off. You can’t assign users to devices and you can’t use Sophos Mobile Self Service Portal.
   • Internal directory: You create user accounts and user groups in Sophos Mobile.
   • External LDAP directory: Sophos Mobile uses user accounts and user groups from an LDAP directory.

   • Azure AD federated authentication: You create user accounts and user groups in Azure Active Directory (Azure AD). When users sign in to Sophos Mobile Self Service Portal, they authenticate with Azure AD.

     See Configure federated authentication.

4. For external user management, click Configure external LDAP to configure the connection to your LDAP directory.

   See Configure external directory connection.

5. Click Save.

After you’ve set the user management mode, you can’t switch directly to a different mode. Instead, select None. No SSP, user-specific policies, or LDAP administrators available. to make all options available again.