This article describes how to connect a Sophos Mobile server to a Google Cloud Directory using secure LDAP.
Applies to the following Sophos product(s) and version(s): Sophos Mobile
IMPORTANT NOTE: After you set up or change LDAP access and permissions for Google Cloud Directory, it can take Google Cloud Directory up to 24 hours to apply the changes.
Activate LDAP access to your Google Cloud Directory
Sign in to the Google Admin console at https://admin.google.com.
Use your Google super administrator account, and not your personal Gmail account.
Configure access permissions
On the Access permissions page, activate all three options.
You can allow either all users of your domain or only members of selected organizational units. You can then use all Sophos Mobile features, such as the self-service portal, admin portal, placeholder replacement and so on, with users from Google Cloud Directory.
Click ADD LDAP CLIENT to proceed.
Download the client access certificate
After the access permissions page, you can download a client certificate that is used to authenticate the Sophos Mobile server. You can access your Google Cloud Directory only with this certificate. A zip archive with two certificate files is created automatically. Download it and save it for later use.
Click CONTINUE TO CLIENT DETAILS.
Create access credentials
Sophos Mobile requires credentials to connect to LDAP servers. Click Access credentials, then GENERATE NEW CREDENTIALS. Your credentials are created and presented to you. Save them for later use.
Use Stunnel as a proxy
LDAP authentication with client certificates requires the use of software such as Stunnel. Follow these steps to configure it appropriately:
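As an added illustration (not taken from the Sophos article), a Stunnel service section for this setup could look like the following. The section name, local port and file names are placeholders chosen for this example; ldap.google.com:636 is Google's Secure LDAP endpoint.

```ini
; Added example: stunnel service definition for Google Secure LDAP.
; Section name, local port and file names are assumptions, not Sophos values.

[google-ldap]
; stunnel is the TLS client towards Google.
client = yes

; Listen on loopback only. This side of the tunnel is plain LDAP, and every
; process that can reach the port has the client certificate presented on
; its behalf, so do not bind it to an external interface.
accept = 127.0.0.1:1636

; Google Secure LDAP endpoint (LDAPS).
connect = ldap.google.com:636

; The two files from the zip archive downloaded in the Google Admin console
; (placeholder names). Limit read access on the key file to the account
; that runs the stunnel service.
cert = google-ldap-client.crt
key = google-ldap-client.key

; stunnel does not verify the peer certificate unless told to. Without these
; lines the server's identity is not checked and the access credentials
; could be sent to an impostor endpoint.
verifyChain = yes
checkHost = ldap.google.com
; CA bundle used for verification (placeholder file name).
CAfile = ca-certs.pem

; Refuse legacy protocol versions.
sslVersionMin = TLSv1.2
```

With a section like this, the LDAP connection in Sophos Mobile would point at the local accept address (127.0.0.1:1636 in this example) and use the access credentials generated earlier; Stunnel adds TLS and the client certificate.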
Switch the LDAP client to On
To switch the service status to On, perform the following steps:
Establishing connection between Sophos Mobile and Google Cloud Directory
You are now ready to use Sophos Mobile with users from your Google Cloud Directory.