Federated authentication with Azure Active Directory (Azure AD) is an alternative user management mode to internal and external (LDAP) user management.
When users sign in to Sophos Mobile Self Service Portal, there is a fundamental difference between external user management and federated authentication:
- With external user management, users authenticate with Sophos Mobile using their LDAP credentials.
- With federated authentication, users authenticate directly with Azure AD.

Federated authentication has the following advantages:
- Azure AD supports modern sign-in features such as multi-factor authentication, smart card authentication, or certificate-based authentication.
- Cross-platform single sign-on: Users only sign in once to access Sophos Mobile Self Service Portal and other applications and resources you’ve configured for Azure AD authentication.
- You don’t need to open ports 389 (LDAP) or 636 (LDAPS) for the communication between Sophos Mobile and your LDAP server.