
ZTNA and Azure MultiTennant with Central

Hi,

We have a main company with multiple daughters. All are in the same AD. But in Azure every daughter has its own tenant (and needs it because of external branding), and each tenant is provisioned by "Azure Active Directory Connect".

We are also provisioning the daughters from the same Sophos Central (Intercept, Firewall).

ZTNA can only auth against Azure (we don't want Okta!). In Sophos Central it's only possible to add one tenant.

So, the daughters wouldn't get the heartbeat for ZTNA.

Is there a solution for one AD with multiple tenants?

Regards

Henry

  • Do you have any kind of relationship between those tenants? Are they in one subscription within Azure? Because you could give the app registration the permission to query the entire Azure AD (cross-tenant).

  • Only a federation between the tenants.

  • Currently you can only use one Azure AD account per ZTNA instance. So if there is no relationship between those accounts, we cannot use the other accounts.

    BTW: I am not sure if the approach of using one Central account for all companies is even the right approach for this construct. If they are separate instances and companies, mixing data in one tenant within Central could be problematic (from a legal / data privacy perspective).
