
How to sync Active Directory with Sophos Central Mobile ???

Sophos is pushing its customers to migrate from Sophos Mobile Control (on-prem) to Sophos Central Mobile.

Looks like there is a tool that you can install on your network that will read your Active Directory, encrypt it and push it into Sophos Central. Works great.

So now how do you get your Active Directory into Mobile, which now lives inside of Central?

Why can't Mobile in turn read the info from Central?

 

If you log into Sophos Central and go to People, you'll see your Active Directory users.

If you then click on Mobile, it doesn't look like you can pull in any AD users.

If you go to Mobile > Setup > Sophos Setup there is a tab called 'LDAP Connection'.

Apparently you have to enter your LDAP server, but since AD is internal-only, there's no way to get Sophos Mobile to connect to Active Directory. Which begs the question - why would Sophos provide a tool to get AD into Central but then no way to further push that info into Mobile (which lives inside of Central)? Is this half-baked or am I missing something? I've spent HOURS with Sophos support and so far no one can figure this out. 



This thread was automatically locked due to age.
  • Hi  

    If your Sophos Central user accounts are coming from Active Directory (AD), it is possible to configure LDAP connection with Mobile and AD. As you already mentioned you have provided the details under Sophos Setup> Configure LDAP. You can refer to the details mentioned here. May I have a look at the case which you have already registered? Please PM me the case number. 

    Shweta

    Community Support Engineer | Sophos Technical Support
  • "As you already mentioned you have provided the details under Sophos Setup> Configure LDAP"

    Hi Shweta, thanks for getting back to me. Actually, I have NOT entered the details under Configure LDAP, and that's exactly my point. My LDAP server is Active Directory, which (by design) should NEVER be exposed outside of your internal network. This is exactly where things come to a stop.

    It seems in order to sync with on-prem Active Directory you have to go like this: [Active Directory] > [Sophos Central] > [Sophos Mobile Central]

    Sophos has a tool which allows you to sync Active Directory to Sophos Central. But now how do I get these same users into Sophos Mobile?

    I will PM you the case number.

  • Update:

    In Sophos Mobile Central, if your Default DEP Profile has the 'Assign User to Device' option selected, then the iPhone will prompt the user to log in (on the Remote Management screen). Note: This needs to be a SOPHOS CENTRAL login, not an Active Directory account.

    Have the user go to https://central.sophos.com/manage/self-service and sign up for an account using their work email address. Then on the phone, on the Remote Management screen, log in using these credentials.

    Optionally, to skip this part, uncheck the 'Assign User to Device' option in the Default DEP Profile. This will allow you to skip past the login prompt, but then when the phone is up and running for the first time, you'll want to have the user sign into their Apple ID since this is a requirement to download any apps from the App Store. Then the SMC app can be installed.
