This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Central and Azure AD federation setup and behaviour

I've setup the Sophos Central Azure AD federation and am slightly puzzled by the process and behaviour.

It seems like an Admin or Standard user still has to create a password in Sophos Central before the Microsoft integration will work.

So, I’m not understanding the purpose of this integration if a user needs to create a password for Sophos Central anyway. It does defeat the purpose of a user using existing credentials. The user object already existed in the Sophos Central console so why did we need to create a password?

Other products that use Azure AD integration are happy to match against account ID without having to have the user create a password that is not used.

This thread was automatically locked due to age.

Parents

0 Yashraj S over 5 years ago

Hi balletbob

Sophos Central grants access to sensitive security options that when granting to anyone else, can be catastrophic from a security standpoint. Hence it requires a set of credentials to make it even more secure. But if you want to put in a suggestion wherein there should be no need creating separate accounts in Sophos Central once you integrate Azure AD, then I would request you to raise a feature request.

Thanks,

Yashraj Singha
Manager | Global Community Support
Are you a Sophos Partner? | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question, please use the "Verify Answer" button.

The New Home of Sophos Support Videos! - Visit Sophos Techvids
Cancel
Vote Up 0 Vote Down

Cancel
0 balletbob over 5 years ago in reply to Yashraj S

Hi Yashraj,

I'm not sure how forcing a local Sophos password (which is then not used) is any more secure than just Azure AD?

Either way, the user has to exist in Azure AD and in the case of Admin permissions, you have to explicitly define the user as an Administrator in Sophos Central.

Thanks

Damien
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 balletbob over 5 years ago in reply to Yashraj S

Hi Yashraj,

I'm not sure how forcing a local Sophos password (which is then not used) is any more secure than just Azure AD?

Either way, the user has to exist in Azure AD and in the case of Admin permissions, you have to explicitly define the user as an Administrator in Sophos Central.

Thanks

Damien
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 balletbob over 5 years ago in reply to balletbob

feature request submitted.

https://ideas.sophos.com/forums/428821-sophos-central/suggestions/37814357-don-t-require-creation-of-local-sophos-password-wh
Cancel
Vote Up 0 Vote Down

Cancel