Partner portal federated authentication

If I configure the partner site for authentication against Entra ID (formerly Azure AD), will local accounts still work? Asking in the event there is a communications issue with Microsoft.

What happens if there are duplicate user names? I'm manually configured with a login to the partner portal but I'm adding Entra ID and I have credentials there also.



Updated the tags
[edited by: Gladys at 2:38 PM (GMT -8) on 1 Jan 2024]
  • Hi David,

    Thanks for reaching out. 

    When Federated login is set up, the email address associated with the Entra ID will need to match that of the Admin in the Sophos Partner Dashboard or Sophos Central. This avoids issues with duplicated usernames. 

    The options on the sign-in settings page allow you to specify: 

    • Sophos Central Admin Credentials only
    • Federated credentials only
    • Sophos Central Admin or Federated credentials

    Let me know if this helps.

    Kushal Lakhan
    Team Lead, Global Community Support
  • Thanks Kushal. 

    I used this doc to set up.
    doc.sophos.com/.../index.html

    I have federated only set up for my account and I cannot log in (still have a logged-in session in a different browser, so I'm still good).

    Central password

    Entra ID password

    Never do I see an SSO login screen.


    I can change between the options, and can save.  Cannot remove the custom rule I created for my account or a test account.  

    Reset it back to Sophos Central Admin only and still can't log in.

    So guess I'll reach out to support. Except now I cannot log in to open a case.

    Sophos Firewall Engineer 16.0, 16.5, 17.0, 17.1, 17.5, 18.0, 18.5, 19.0, 19.5, 20.0
    Sophos Firewall Architect 18.0, 18.5, 19.0, 19.5, 20.0
    Sophos Firewall Technician 18.0, 18.5, 19.0, 19.5, 20.0
    Sophos Central & Endpoint Architect 3.0, 4.0
    Sophos Central Email v2.0
    Sophos Mobile v9.6
    Sophos ZTNA 1.0, 2.0
    Synchronized Security Accredited
    Sophos Gold Partner

  • To confirm, was this set up for authentication directly into the Sophos Partner Portal, or was this set up on one of the tenants? 

    I've also reached out to you via PM to follow up and assist. 

    Kushal Lakhan
    Team Lead, Global Community Support
  • Partner Portal


  • Got it worked out.  You click Add an identity provider, which tells you to add an identity provider. 

    You click the link in that article to the next article, "Use Microsoft Entra ID (Azure AD) as an identity provider". This page does NOT tell you how to do that on the Microsoft side; you have to scroll to the bottom and go to the next one, "Configure Microsoft Entra ID (Azure AD) to allow users to sign in using UPN". On Step 10, click Save and you are supposed to be able to sign in?  Nope.

    Then you have to go back to the article "Add an identity provider" where it tells you to turn it on.

    I don't know who wrote this but it's messy!

    Thanks,

    David

