So, this still hasn't been done (link at bottom of post).
For users to access the SSP, we have to send all users an email link, they have to sign up for a Sophos Central account, set a password, go through all the MFA requirements and then once that is done, Federated Sign in will work. They can forget the password and delete the MFA because they'll never need it again.
This is extremely frustrating from a user perspective. If Sophos did as Toni suggested (which is a good one) and just randomly generate a password, then the user could log straight in without having to do anything.
What is really strange, is that if you edit a user and assign them any sort of admin role, they can just go straight to https://central.sophos.com/manage and sign in with Federated Signin and away they go - no need to create an account in Central at all, it just works.
Here's what even stranger still. You can create a new role, with read-only access to a product you don't have and assign all users to that role, then they can log in to SSP without having to be emailed a link and setup a Sophos Central account. But then they have access to the Dashboard which is annoying, and every single time you create a new user, you have to remember to go in to Central and assign the user to that dummy account.
If central.sophos.com/manage creates an account automatically, why can't SSP?
Original thread for reference: Sophos Central and Azure AD federation setup and behaviour
Added tags
[edited by: Gladys at 2:51 PM (GMT -7) on 3 Jul 2023]
