This article provides frequently asked questions for Multi-Factor Authentication and Sophos Central Partner.
Applies to the following Sophos product(s) and version(s): Sophos Cloud, Sophos Central Partner
What did Sophos change in the login process?
Sophos is implementing Sophos ID with Single-Sign-On (SSO). Sophos Partners can now access the Partner Portal along with Sophos Central Partner, Sophos Community and SophServ, using a single ID. In addition, multi-factor authentication is now required when the Partner Dashboard is accessed.
Why did we add multi-factor authentication (MFA)?
In the near future Partners will be able to manage sensitive devices through the Sophos Central Partner Dashboard. To provide additional security for these devices, we have added MFA.
What methods of authentication will be available for the second factor?
SMS (text to cell phone), Google Authenticator, and Email (with pin).
Note that Email with pin is the initial/default method you will configure to access the Partner Portal. It is recommended to also set up an alternative method, in the event you forget your pin.
What can I expect when I log in?
Login to the Partner Portal will look slightly different, but will still use your current user id and password for authentication. If enrollment for MFA has not been completed, you will be prompted to set up your authenticators. Logging in to the Partner Portal will simply be user id and password. Logging in to the Sophos Central Partner Dashboard will require Multi-Factor Authentication.
Why do I need a PIN to use email as an authenticator?
To protect against the case of a user's email being compromised. Email can be used to reset the user's password, giving an attacker the first factor of authentication. If the second factor were simply a code delivered by email, the attacker would then have all they need to access the system. Requiring a PIN protects against this.
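The reasoning above as an added sketch (not Sophos code): a second factor that checks an emailed one-time code together with a PIN, so that reading the mailbox alone is not enough. The class name, the five-minute code lifetime, the attempt limit and the PBKDF2 parameters are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL = 300      # assumed: emailed code is valid for 5 minutes
MAX_ATTEMPTS = 5    # assumed: challenge locks after 5 failed tries


def hash_pin(pin: str, salt: bytes) -> bytes:
    # Store only a salted, slow hash of the PIN, never the PIN itself.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 200_000)


class EmailPinFactor:
    """Hypothetical verifier: emailed code (seen by the mailbox) + PIN (not)."""

    def __init__(self, pin: str):
        self.salt = secrets.token_bytes(16)
        self.pin_hash = hash_pin(pin, self.salt)
        self.code = None
        self.expires = 0.0
        self.attempts = 0

    def issue_code(self, now=None) -> str:
        # The returned value is what gets emailed; anyone with mailbox
        # access can read it, which is why it is not sufficient alone.
        now = time.time() if now is None else now
        self.code = f"{secrets.randbelow(10**6):06d}"
        self.expires = now + CODE_TTL
        self.attempts = 0
        return self.code

    def verify(self, code: str, pin: str, now=None) -> bool:
        now = time.time() if now is None else now
        if self.code is None or now > self.expires:
            return False
        if self.attempts >= MAX_ATTEMPTS:
            return False  # locked: a new code must be issued
        self.attempts += 1
        # Evaluate both checks before combining them, so the response
        # does not reveal which of the two values was wrong.
        code_ok = hmac.compare_digest(code.encode(), self.code.encode())
        pin_ok = hmac.compare_digest(hash_pin(pin, self.salt), self.pin_hash)
        if code_ok and pin_ok:
            self.code = None  # single use
            return True
        return False
```
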
What if I forget my PIN?
If you have configured an additional method to log in (either SMS or Google Authenticator), you may use that method to log in, then change your PIN to something new for future logins. See KBA 123526 for additional information related to these steps.
If you do not have an alternative method to log in configured, you will need to reach out to email@example.com to request a PIN reset. This process may take 1 or more days to fully complete, as it requires additional security checks to validate the person requesting the reset.
I don't want to use MFA. How do I disable it?
MFA cannot be disabled for security reasons.
Can I use Sophos Authenticator?
Sophos Authenticator is based on Google Authenticator and can be used.