New Sophos Central login experience coming soon

6 Dec 2021

[Updated 12/7/2021 - Clarity regarding MFA]

Hi, everyone -

We wanted to give you a heads up about a new Sophos Central login experience that will be launching early next year.

Beginning in mid-January when logging in, users will enter only their email address, at which point one of three things will happen depending upon their federation status:

Local login/non-federated: The user will simply enter their password and proceed to multi-factor authentication (MFA)
Federated login only: The user will be passed to their identity provider to complete the login
Both: The user will be able to choose whether to enter their password/MFA or proceed to the identity provider login

We plan to gradually roll out this new login experience starting in the middle of January, with the goal of completing the rollout by the end of January.

Parents

ESMsw09 over 2 years ago

I was actually hoping to hear more about 2FA integration with more providers like DUO to enable push notification/authentication. I'm really hoping SOPHOS isn't abandoning 2FA because my organization is moving to require all vendors we work with to support 2FA/MFA and we won't be able to partner with vendors that don't support this important security feature.

Please provide an update on the SOPHOS 2FA/MFA roadmap.
- Cancel
- Vote Up +2 Vote Down
- Sign in to reply
- More
- Cancel

Comment

ESMsw09 over 2 years ago

I was actually hoping to hear more about 2FA integration with more providers like DUO to enable push notification/authentication. I'm really hoping SOPHOS isn't abandoning 2FA because my organization is moving to require all vendors we work with to support 2FA/MFA and we won't be able to partner with vendors that don't support this important security feature.

Please provide an update on the SOPHOS 2FA/MFA roadmap.
- Cancel
- Vote Up +2 Vote Down
- Sign in to reply
- More
- Cancel

Children

Chris Thompson1 over 2 years ago in reply to ESMsw09

MFA (multi factor auth) is a superset of 2FA (two factor authentication.
You could have >2 factors required for auth depending on the security requirements of the system following the basic idea of 'something you know, something you have, something you are' from the original paper: www.cs.cornell.edu/.../NNLauthPeople.html
- Cancel
- Vote Up +1 Vote Down
- Sign in to reply
- More
- Cancel
ESMsw09 over 2 years ago in reply to Chris Thompson1

I understand that MFA is a superset of 2FA, but that doesn't really address the point I made. Is SOPHOS planning to integrate MFA with more providers like DUO to enable push notification/authentiation? This latest announcement suggests that we can use an identify provider like DUO or Microsoft or Google. I'm looking forward to hearing the details.
- Cancel
- Vote Up +1 Vote Down
- Sign in to reply
- More
- Cancel
MichaelOwens over 2 years ago in reply to ESMsw09

I dont use DUO, but I know this already works with Microsoft and Goggle's authenticator app.

And while you can't use push notifications for your 2nd factor, you get something even smoother with this federation feature if you have SSO setup through O365.
- Cancel
- Vote Up +1 Vote Down
- Sign in to reply
- More
- Cancel