Disclaimer: This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment.
Overview
This Recommended Read is Part 3 of the series "Access the Sophos Firewall Web Admin from ZTNA".
Note: The information in this Recommended Read applies to syncing users into Sophos Central even if you are not following the full series, but you will need the Azure App Registration (Client ID and Client Secret) created in Part 2.
Requirements
Sophos Central Administrator rights
Sync users in Sophos Central
The next step is to sync the users/groups we set up previously so Central knows who will be accessing the resources.
To do that, go to Central, and once in the Dashboard:
1. Global Settings > Click Add Directory Service > In the new window, fill out the following:
Name = A meaningful name (in our case Azure_noshutdown.ca)
Directory Type = Azure Active Directory
Domain = yourdomain.com
Click Next.
In the new window, choose your preferred Sync schedule; I chose Every 6 hours (Default).
Note: If you choose None, you will have to click Sync manually every time you want Central to sync with Azure.
Now scroll down to Configure Azure directory sync settings
Here is where we enter the Client ID and Client Secret we got from Azure in Part 2.
The Client ID is the Application (client) ID you found in Azure under Home > yourdomain > App Registrations > All Applications.
The Client Secret you should have noted down when you created it, as Azure does not show it again; if you forgot or lost the Client Secret, you just need to create a new secret (and remember to update it here before the old one expires).
Important: enter the secret's Value, not its Secret ID. The Secret ID is a GUID that only identifies the secret in Azure; the Value is the actual credential.
Also enter the Client secret expiration date (Month/Day/Year). Sync stops working once the secret expires, so track this date.
To confirm that all the information you entered is correct, click Test Connection; you should get a Test Connection window saying "Connection is verified successfully".
This is only a test; we haven't saved the Directory service yet.
Next, scroll down to Select users and groups to include in the synchronization
You have 4 options for filtering. I personally recommend organising all your users into groups in Azure and then, in Central, selecting Add users by Group Filter.
You can find the Group ID (the group's Object ID) in Azure under Home > yourdomain > Groups > All Groups.
Copy it and add it in Central.
Once that is done, scroll up and click Save (Note: this only saves the changes but doesn't apply them).
Next, click "Turn On", and you should see a green success window pop up in the bottom right corner of your screen.
Finally, click Synchronize, and you will see a message in amber saying "synchronizing". After that is done, the status is updated with the number of users and groups synced; in our case, 1 Group and 1 User.
If you go to People, filter by Groups and tick Show Directory Synced Groups, you should see your Azure group synced there.
The same applies if you filter by Users and tick Show Directory Synced Users.
[edited by: emmosophos at 7:50 PM (GMT -8) on 22 Dec 2023]