Skip to content

Page permalink

Always use the following permalink when referencing this page. It will remain unchanged in future help versions.

https://docs.sophos.com/nsg/sophos-firewall/21.5/Help/en-us/webhelp/onlinehelp/index.html?contextId=authentication-server-entra-id-add-redirect-uri

Add redirect URIs to Microsoft Entra ID

You must add the firewall's redirect URIs to Microsoft Entra ID to authenticate administrators and users through Microsoft Entra ID single sign-on (SSO).

Requirement

You must configure a Microsoft Entra ID server in the firewall. See Add a Microsoft Entra ID (Azure AD) server.

Add redirect URIs to Microsoft Entra ID

To authenticate administrators and users through SSO, you must add the firewall's redirect URIs to Microsoft Entra ID.

  1. In the firewall, go to Authentication > Servers and click your Microsoft Entra ID server.

  2. Copy the URLs of the firewall services for which you want to configure SSO:

    • Web admin console URL
    • Captive portal URL
    • VPN portal and remote access URL. This applies to VPN portal and remote access IPsec and SSL VPNs.

  3. In the Azure Portal, go to Home > Microsoft Entra ID > App registrations, and click the application you created for the firewall.

  4. Go to Manage > Authentication.
  5. Click Add a platform and click Web.
  6. Under Redirect URIs, paste the URLs you copied.
  7. Click Configure.

To continue with the configuration, see Allow Microsoft Azure URLs.