Configure federated authentication

To use federated authentication with Azure Active Directory (Azure AD), you must register Sophos Mobile as a Microsoft Azure application.

  1. On the menu sidebar, under SETTINGS, click Setup > Sophos setup, and then click the Microsoft Azure tab.
  2. Click Microsoft Azure registration wizard.

    The wizard guides you through the registration process in the Microsoft Azure portal and in Sophos Mobile Admin:

    1. Create an application for Sophos Mobile in the Microsoft Azure portal.
    2. Enter the application ID in Sophos Mobile.
    3. Upload the Sophos Mobile server certificate to your application.
    4. Register a reply URL for Sophos Mobile. Azure forwards users to this Sophos Mobile page after they’ve authenticated with Azure AD.
    5. Grant your application the required permissions.
  3. On the Sophos setup page, click the User setup tab.

  4. Select Azure AD federated authentication as the user management mode.

    If federated authentication is not available, first switch to the mode "None. No SSP, user-specific policies, or LDAP administrators available."

The Sophos Mobile server certificate for Microsoft Azure has a validity period of one year. You must renew it before it expires. See Renew Azure certificate.

Note

You can also use the application you've created for Sophos Mobile in the Azure portal for Intune app protection. Note that Intune app protection has additional licensing requirements. See Intune app protection.