Skip to content

Page permalink

Always use the following permalink when referencing this page. It will remain unchanged in future help versions.

https://docs.sophos.com/nsg/sophos-firewall/21.5/Help/en-us/webhelp/onlinehelp/index.html?contextId=authentication-entra-id-upgrade-SFOS

When you upgrade to SFOS 22.0

When you upgrade to SFOS 22.0 and later, the firewall automatically turns on Microsoft Entra ID (Azure AD) SSO for VPN services that use the firewall authentication method.

For example, if your VPN portal, IPsec VPN, or SSL VPN authentication methods are set to Same as firewall in Authentication > Servers, SSO is turned on for these services when you upgrade to SFOS 22.0 and later.

SSO for remote access VPN

To enforce SSO for remote access VPN, you must do as follows:

  1. On the firewall's web admin console, go to Authentication > Servers.
  2. Click your Microsoft Entra ID server configuration.

  3. Under Redirect URI, copy the VPN portal and remote access URL.

    VPN portal and remote access URL.

  4. Paste the URL in the application you created for the firewall in Microsoft Entra ID. See Add redirect URIs to Microsoft Entra ID.

    Note

    If you're configuring Microsoft Entra ID in the firewall from Sophos Central, don't use the Sophos Central reverse SSO URL.

  5. Make sure you meet the other requirements. See Remote access VPN.