If I configure the partner site for authentication against Entra ID (formerly Azure AD), will local accounts still work? Asking in the event there is a communications issue with Microsoft.
What happens if there are duplicate user names? I'm manually configured with a login to the partner portal but I'm adding Entra ID and I have credentials there also.
Hi David,
Thanks for reaching out.
When Federated login is set up, the email address associated with the Entra ID will need to match that of the Admin in the Sophos Partner Dashboard or Sophos Central. This avoids issues with duplicated usernames.
The options on the sign-in settings page allow you to specify:
Let me know if this helps.
Thanks Kushal.
I used this doc to setup.
doc.sophos.com/.../index.html
I have federated only setup for my account and I cannot login (still have a logged in session in a different browser, so I'm still good. 
Central password
Entra ID password
Never do I see an SSO login screen.
I can change between the options, and can save. Cannot remove the custom rule I created for my account or a test account.
Reset it back to Sophos Central Admin only and can't login still.
So guess I'll reach out to support. Except now I cannot login to open a case.
Sophos Firewall Engineer 16.0, 16.5, 17.0, 17.1, 17.5, 18.0, 18.5, 19.0, 19.5, 20.0
Sophos Firewall Architect 18.0, 18.5, 19.0, 19.5, 20.0
Sophos Firewall Technician 18.0, 18.5, 19.0, 19.5, 20.0
Sophos Central & Endpoint Architect 3.0, 4.0
Sophos Central Email v2.0
Sophos Mobile v9.6
Sophos ZTNA 1.0, 2.0
Synchronized Security Accredited
Sophos Gold Partner
Thanks Kushal.
I used this doc to setup.
doc.sophos.com/.../index.html
I have federated only setup for my account and I cannot login (still have a logged in session in a different browser, so I'm still good.
Central password
Entra ID password
Never do I see an SSO login screen.
I can change between the options, and can save. Cannot remove the custom rule I created for my account or a test account.
Reset it back to Sophos Central Admin only and can't login still.
So guess I'll reach out to support. Except now I cannot login to open a case.
Sophos Firewall Engineer 16.0, 16.5, 17.0, 17.1, 17.5, 18.0, 18.5, 19.0, 19.5, 20.0
Sophos Firewall Architect 18.0, 18.5, 19.0, 19.5, 20.0
Sophos Firewall Technician 18.0, 18.5, 19.0, 19.5, 20.0
Sophos Central & Endpoint Architect 3.0, 4.0
Sophos Central Email v2.0
Sophos Mobile v9.6
Sophos ZTNA 1.0, 2.0
Synchronized Security Accredited
Sophos Gold Partner
To confirm, was this set up for authentication directly into the Sophos Partner Portal, or was this set up on one of the tenants?
I've also reached out to you via PM to follow up and assist.
Got it worked out. You click Add an identity provider, which tells you to add an identity provider.
You click the link to in that article to the next article "Use Microsoft Entra ID (Azure AD) as an identity provider". This page does NOT tell you how to do that on the Microsoft side, you have to scroll to the bottom and go to the next one, "Configure Microsoft Entra ID (Azure AD) to allow users to sign in using UPN). On Step 10, click Save and you are supposed to be able to sign in? Nope.
Then you have to back to the article "Add an identity provider" where it tells you to turn it on.
I don't know who wrote this but it's messy!
Thanks,
David
Sophos Firewall Engineer 16.0, 16.5, 17.0, 17.1, 17.5, 18.0, 18.5, 19.0, 19.5, 20.0
Sophos Firewall Architect 18.0, 18.5, 19.0, 19.5, 20.0
Sophos Firewall Technician 18.0, 18.5, 19.0, 19.5, 20.0
Sophos Central & Endpoint Architect 3.0, 4.0
Sophos Central Email v2.0
Sophos Mobile v9.6
Sophos ZTNA 1.0, 2.0
Synchronized Security Accredited
Sophos Gold Partner
Thanks for following up to share your solution.
Feedback is always appreciated as well. We'll look into updating the documentation so it's easier to follow along.
