Operation: Add Azure AD SSO server / Edit Azure AD SSO server
Description: Add or update Azure AD SSO servers.

Sample Configuration
<AzureADSSO>
  <ServerName>ADSSO</ServerName>
  <ApplicationID>fa7fc787-011e-4398-812f-3152d8843320</ApplicationID>
  <TenantID>10657f8b-d541-41a5-8e25-a8d7cbb9d4dd</TenantID>
  <ClientSecret>12345abcdead</ClientSecret>
  <RedirectURI>FQDN or IP address of SFOS</RedirectURI>
  <DisplayName>upn</DisplayName>
  <EmailAddress>email</EmailAddress>
  <FallbackUserGroup>Open Group</FallbackUserGroup>
  <UserType>Administrator</UserType>
  <RoleMapping>
    <IdentifierTypeAndProfile>
      <identifiertype>roles</identifiertype>
      <identifiervalue>role.admin</identifiervalue>
      <profileid>Administrator</profileid>
    </IdentifierTypeAndProfile>
  </RoleMapping>
</AzureADSSO>



Parameters (Parameter / Mandatory / Default / Description)

ServerName  (Mandatory: Yes; Default: none)
  Name of the server.
  ServerName confines to:
    • Type is 'SCALAR'.
    • Datatype is 'STRING'.
    • Character not allowed: Comma (,)
    • Maximum characters allowed are 50.
    • UTF-8 character(s) are allowed.

ApplicationID  (Mandatory: Yes; Default: none)
  Application (client) ID. Copy it from Azure portal > App registrations.
  ApplicationID confines to:
    • Type is 'SCALAR'.
    • Datatype is 'STRING'.
    • ADSSOAPPANDTENANTID
    • Maximum characters allowed are 50.

TenantID  (Mandatory: Yes; Default: none)
  Directory (tenant) ID associated with an organizational directory. Copy it from Azure portal > App registrations.
  TenantID confines to:
    • Type is 'SCALAR'.
    • Datatype is 'STRING'.
    • ADSSOAPPANDTENANTID
    • Maximum characters allowed are 50.

ClientSecret  (Mandatory: Yes; Default: none)
  The password used by the firewall to authenticate its SSO server connection with the Azure application. Copy it from Azure portal > App registrations > Certificates & secrets.
  ClientSecret confines to:
    • Type is 'SCALAR'.
    • Datatype is 'STRING'.
    • Maximum characters allowed are 50.

RedirectURI  (Mandatory: Yes; Default: none)
  FQDN or IP address of the firewall.
  RedirectURI confines to:
    • Type is 'SCALAR'.
    • Datatype is 'STRING'.
    • Maximum characters allowed are 200.

DisplayName  (Mandatory: Yes; Default: none)
  Enter "upn". The firewall uses the UserPrincipalName (UPN) to create the user's display name locally.
  DisplayName confines to:
    • Type is 'SCALAR'.
    • Only 'upn' is allowed.

EmailAddress  (Mandatory: Yes; Default: none)
  Enter "email".
  EmailAddress confines to:
    • Type is 'SCALAR'.
    • Only 'email' is allowed.

UserType  (Mandatory: Yes; Default: none)
  Type of user.
  UserType confines to:
    • Type is 'SCALAR'.
    • Only 'User', 'Administrator' are allowed.

identifiertype  (Mandatory: Yes; Default: none)
  For administrators, enter "roles" or "groups".
  identifiertype confines to:
    • Type is 'SCALAR'.
    • Only '$IDENTITY{IDENTIFIERGROUPS}', '$IDENTITY{IDENTIFIERROLE}' are allowed.

identifiervalue  (Mandatory: Yes; Default: none)
  Role configured in the Azure portal under App roles.
  identifiervalue confines to:
    • Type is 'SCALAR'.
    • Datatype is 'STRING'.

profileidentifier  (Mandatory: Yes; Default: none)
  Administrator profile for the matching role or group.
  profileidentifier confines to:
    • Type is 'SCALAR'.
    • Datatype is 'STRING'.

FallbackUserGroup  (Mandatory: Yes; Default: none)
  User group to assign if the firewall doesn't find a matching user group locally.
  FallbackUserGroup confines to:
    • Type is 'SCALAR'.
    • Datatype is 'STRING'.
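The parameter table above is the contract a request has to satisfy before the firewall will accept it. The following Python script is an added example (not Sophos code) that builds the <AzureADSSO> element in the shape of the sample configuration while enforcing the listed constraints (ServerName length and no comma, ClientSecret and RedirectURI lengths, the fixed 'upn'/'email' values, the allowed UserType and identifiertype values), and that re-checks an existing fragment before it is submitted. Two things are assumptions rather than page facts: the ADSSOAPPANDTENANTID validator is modelled as an Azure GUID check, because the page only names the validator and its sample values are GUIDs, and a RoleMapping on a non-administrator is treated as an error because the page describes the mapping fields for administrators only.

```python
"""Build and validate an SFOS <AzureADSSO> configuration element.

Added example, not Sophos code. Constraints come from the parameter table
on this page; the GUID check and the "RoleMapping only for Administrator"
rule are assumptions, marked where they apply.
"""
import uuid
import xml.etree.ElementTree as ET

ALLOWED_USER_TYPES = {"User", "Administrator"}
ALLOWED_IDENTIFIER_TYPES = {"roles", "groups"}  # page: 'roles' or 'groups'


class ConfigError(ValueError):
    """A parameter violates a constraint from the parameter table."""


def _require(name, value, limit=None):
    """Mandatory scalar string; optional maximum length from the table."""
    if not isinstance(value, str) or not value:
        raise ConfigError(f"{name} is mandatory and must be a string")
    if limit is not None and len(value) > limit:
        raise ConfigError(f"{name} exceeds {limit} characters")
    return value


def _require_guid(name, value):
    """ASSUMPTION: ADSSOAPPANDTENANTID accepts the GUID form used in the sample."""
    _require(name, value, 50)
    try:
        uuid.UUID(value)
    except ValueError:
        raise ConfigError(f"{name} is not a valid Azure GUID") from None
    return value


def build_azure_ad_sso(server_name, application_id, tenant_id, client_secret,
                       redirect_uri, fallback_user_group, user_type="User",
                       role_mappings=()):
    """Return the <AzureADSSO> element as an XML string or raise ConfigError.

    role_mappings: iterable of (identifiertype, identifiervalue, profileid)
    tuples, one per <IdentifierTypeAndProfile> in the sample configuration.
    """
    _require("ServerName", server_name, 50)
    if "," in server_name:
        raise ConfigError("ServerName must not contain a comma")
    _require_guid("ApplicationID", application_id)
    _require_guid("TenantID", tenant_id)
    _require("ClientSecret", client_secret, 50)
    _require("RedirectURI", redirect_uri, 200)
    _require("FallbackUserGroup", fallback_user_group)
    if user_type not in ALLOWED_USER_TYPES:
        raise ConfigError("UserType must be 'User' or 'Administrator'")
    role_mappings = list(role_mappings)
    if role_mappings and user_type != "Administrator":
        # ASSUMPTION: the page documents the mapping fields for administrators only.
        raise ConfigError("RoleMapping is only meaningful for UserType Administrator")

    root = ET.Element("AzureADSSO")  # element order follows the sample configuration
    for tag, value in (("ServerName", server_name), ("ApplicationID", application_id),
                       ("TenantID", tenant_id), ("ClientSecret", client_secret),
                       ("RedirectURI", redirect_uri)):
        ET.SubElement(root, tag).text = value
    ET.SubElement(root, "DisplayName").text = "upn"      # only 'upn' is allowed
    ET.SubElement(root, "EmailAddress").text = "email"   # only 'email' is allowed
    ET.SubElement(root, "FallbackUserGroup").text = fallback_user_group
    ET.SubElement(root, "UserType").text = user_type
    if role_mappings:
        mapping = ET.SubElement(root, "RoleMapping")
        for id_type, id_value, profile in role_mappings:
            if id_type not in ALLOWED_IDENTIFIER_TYPES:
                raise ConfigError("identifiertype must be 'roles' or 'groups'")
            _require("identifiervalue", id_value)
            _require("profileid", profile)
            item = ET.SubElement(mapping, "IdentifierTypeAndProfile")
            ET.SubElement(item, "identifiertype").text = id_type
            ET.SubElement(item, "identifiervalue").text = id_value
            ET.SubElement(item, "profileid").text = profile
    return ET.tostring(root, encoding="unicode")


def check_azure_ad_sso_xml(xml_text):
    """Re-validate an existing <AzureADSSO> fragment; returns a list of problems."""
    root = ET.fromstring(xml_text)
    if root.tag != "AzureADSSO":
        return ["root element must be <AzureADSSO>"]
    text = lambda el, tag: (el.findtext(tag) or "")
    problems = [f"{tag} must be '{fixed}'" for tag, fixed in
                (("DisplayName", "upn"), ("EmailAddress", "email"))
                if text(root, tag) != fixed]
    mappings = [(text(m, "identifiertype"), text(m, "identifiervalue"), text(m, "profileid"))
                for m in root.iter("IdentifierTypeAndProfile")]
    try:  # reuse the builder's checks on the extracted values
        build_azure_ad_sso(text(root, "ServerName"), text(root, "ApplicationID"),
                           text(root, "TenantID"), text(root, "ClientSecret"),
                           text(root, "RedirectURI"), text(root, "FallbackUserGroup"),
                           user_type=text(root, "UserType"), role_mappings=mappings)
    except ConfigError as err:
        problems.append(str(err))
    return problems


if __name__ == "__main__":
    # Values taken from the page's sample configuration.
    print(build_azure_ad_sso("ADSSO", "fa7fc787-011e-4398-812f-3152d8843320",
                             "10657f8b-d541-41a5-8e25-a8d7cbb9d4dd", "12345abcdead",
                             "firewall.example.com", "Open Group", "Administrator",
                             [("roles", "role.admin", "Administrator")]))
```

Running a fragment through check_azure_ad_sso_xml before submitting it catches the rejections the firewall would otherwise return as a 500-series status, and keeps the secret out of shell history since the element is assembled in code rather than pasted on a command line.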



Operation                  Status   Message
Add Azure AD SSO server    200
Add Azure AD SSO server    500
Add Azure AD SSO server    502
Add Azure AD SSO server    503
Edit Azure AD SSO server   200
Edit Azure AD SSO server   500
Edit Azure AD SSO server   502
Edit Azure AD SSO server   503


© Copyright Sophos Firewall Limited. All rights reserved.
Sophos Firewall is a registered trademark of Sophos Firewall Limited and Sophos Firewall Group. All other product and company names mentioned are trademarks or registered trademarks of their respective owners.
No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise unless you are either a valid licensee where the documentation can be reproduced in accordance with the license terms or you otherwise have the prior permission in writing of the copyright owner.