Skip to content

Page permalink

Always use the following permalink when referencing this page. It will remain unchanged in future help versions.

https://docs.sophos.com/nsg/sophos-firewall/21.5/Help/en-us/webhelp/onlinehelp/index.html?contextId=authentication-server-entra-id-import-groups

Import groups

You can import all groups or only those that match specific attributes through the assistant. You can also apply schedules and traffic policies.

API permission

To import groups, you must add the following API permission on Microsoft Entra ID:

  1. Sign in to Azure Portal.
  2. Go to Microsoft Entra ID and select the server.
  3. Click App registrations and select the application configured for the firewall.
  4. Click API permission > Add a permission.
  5. Click Microsoft Graph > Application permissions and add the Group.Read.All permission.

  6. Click Grant admin consent for your organization and click Yes.

    API permission.

Import user groups

To import groups, go to Authentication > Servers and click Assistant for importing groups Import button. for the Microsoft Entra ID server.

You can import all groups or import groups that match the attributes you specify, such as Display name and Description.

You can apply the following policies to all groups or to individual groups:

  • Surfing quota
  • Access time
  • Network traffic
  • Traffic shaping

Important

You must synchronize the time between the firewall and Microsoft Entra ID. Otherwise, the connection may fail.

Note

If you use remote access IPsec or SSL VPN, make sure to add the new groups to your VPN policies.