Sophos Email customers using IP-based mailflow rule connectors must migrate to certificate-based configuration by March 31st. To see if you're affected Click Here.

Google Directory Synchronization

What’s new – July 26, 2023

We have released a new feature, Google Directory Synchronization in Sophos Email. Using this feature, you can synchronize information about users and groups from the Google Directory Service.
Watch the video attached at end of this post to familiarize yourself with the feature.

Applies to the following Sophos products
Sophos Email Advanced

Note: This feature is currently available only for Sophos Email Advanced customers. It will be made available for other Sophos Central products (watch this post for an update on expected timeline).

In this post the following sections are covered:
How To Setup
How To Synchronize
How To Manage
Demo Video

How to setup

To setup Google directory sync, you need to navigate to Directory Service in settings and add a directory service. Then, you should fill up the form as shown in the screenshot below.

Next, in the Settings page, you need to first accept the two terms of service of Google, as numbered in the screenshot below, before you attempt to connect to your Google directory.

When you connect to your Google directory, you should sign-in to your Google account using your admin credentials. Then, as indicated in the screenshot below, you will be required to grant access to Sophos by selecting the checkbox.

When you click continue, Sophos Central will establish connection with your Google directory and present a confirmation, as shown in the screenshot below.

After the connection is established, you will be required to authorize the access to Google’s OAuth scopes using Google admin console as pointed to in the screenshot below. The relevance of numbering in the screenshot is explained in next paragraph.

To authorize access, you will need to add a new client in the Google admin console as shown in the screenshot below. You will be required to fill in two fields – Client ID and OAuth scopes, which are numbered (4) and (5) respectively in both the screenshots above and below. You need to copy the strings from the Sophos Central console to the respective fields in the Google admin console, and then authorize.

Once authorized, you can test connection. When the test is successful a confirmation will be presented, as shown in the screenshot below.

How to synchronize

Once the connection is successfully verified, you are ready to synchronize users and groups from your Google directory into Central Email. The following screenshot has been numbered to indicate the functionalities that you can choose and the order in which they should be applied.
(6) – You can choose to sync all users and groups or filter them by group or user filters
(7) – You can preview whether the users and groups are getting sync-ed properly
(8) – Once you’re ready to synchronize, ensure that you’ve set the synchronization schedule properly
(9) – Then, you can turn on the synchronization

Once you turn on, the synchronization will happen according to the schedule you have setup. You can also manually sync by clicking on the Synchronize button. You would not be able to edit the settings when sync is in progress as shown in the screenshot below.

How to manage

You’ll require to turn off the synchronization, if you want to purge the data or delete the connection with Google, as shown in the screenshot below.

To delete the connection, you will first need to disconnect your Google directory, a process that requires you to sign in to Google with your same admin credentials.

Watch the video