Microsoft Entra ID (Azure AD) server

The firewall supports Microsoft Entra ID single sign-on (SSO) authentication using the OAuth 2.0/OpenID Connect (OIDC) protocol to sign in users accessing the internet through the captive portal and administrators signing in to the web admin console.

You can import all groups or only those that match specific attributes using the import group assistant. You can also apply schedule and traffic policies.

You can configure Microsoft Entra ID authentication as follows:

  1. To configure Microsoft Entra ID (Azure AD) in Azure Portal, see Configure Microsoft Entra ID (Azure AD) in Azure Portal.

  2. To add the server in the firewall, see Add a Microsoft Entra ID (Azure AD) server.

  3. (Optional) To import groups from Microsoft Entra ID, see Import groups.

  4. To allow the required URLs, see Allow Microsoft Azure URLs.

Note

To use Microsoft Entra ID authentication for services such as the web admin console, captive portal, user portal, and client authentication agent (CAA), you can also configure the firewall with Microsoft Entra ID using Microsoft Entra ID Domain Services. See Sophos Firewall: Integrate Sophos Firewall with Microsoft Entra ID.

Videos

Configure Microsoft Entra ID SSO

Captive portal authentication