Sophos ZTNA: Access Sophos Firewall Web Admin from ZTNA (Part 3: Sync users in Sophos Central)

Disclaimer: This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment.


Overview

This Recommended Read is Part 3 of the series "Access the Sophos Firewall Web Admin from ZTNA".
Note: The information in this Recommended Read applies to syncing users in Sophos Central even if you are not following the full series, but you will need to refer to Part 2 for the Client ID and Client Secret.

Requirements

Sophos Central Administrator rights

Sync users in Sophos Central

The next step is to sync the users/groups we set up previously so that Central knows who will be accessing the resources.

To do that, go to Central and, once in the Dashboard, click:

1. Global Settings > Add Directory Service > In the new window, fill out the following:

Name = A meaningful name (in our case Azure_noshutdown.ca)

Directory Type = Azure Active Directory

Domain = yourdomain.com

Click Next.

In the new window, choose your preferred Sync schedule; I chose Every 6 hours (Default).

Note: If you choose None, you'll have to manually click Sync any time you want to sync Central with Azure.

Now scroll down to Configure Azure directory sync settings.

Here is where we enter the Client ID and Client Secret we obtained from Azure in Part 2.

The Client ID is found in Azure under Home > yourdomain > App Registrations > All Applications.

You should have made a note of the Client Secret when it was created, as Azure won't display it again; if you forgot or lost the Client Secret, you just need to create a new secret.

You need to enter the secret's Value, not its Secret ID (Azure shows both columns; only the Value is the actual secret).

And the Client Secret expiration date (Month/Day/Year).

To confirm that the information you entered is correct, click Test Connection; you should get a Test Connection window saying "Connection is verified successfully".

This is only a test; the Directory Service has not been saved yet.

Next, scroll down to Select users and groups to include in the synchronization.

You have 4 options to filter. I personally recommend grouping all your users into different groups in Azure, and then, in Central, selecting Add users by Group Filter.

You can find the Group ID in Azure under Azure > Home > yourdomain > Groups > All Groups.

Copy it and add it in Central.
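As a pre-flight check before pasting these values into Central, here is an added Python example (not part of the original post, and not Sophos or Microsoft code) that validates the Client ID, the secret Value, the expiration date and the Group IDs together. It assumes that Azure application, group and secret IDs are GUIDs and that a secret Value is never GUID-shaped, so a GUID pasted as the secret is flagged as the Secret-ID-instead-of-Value mistake described above; all sample values are constructed.

```python
"""Pre-flight check for the Azure directory sync values entered in Sophos Central.

Constructed example, not Sophos or Microsoft code. Assumption: Azure object
identifiers (Client ID, Group ID, Secret ID) are GUIDs, while a client secret
*Value* is not GUID-shaped.
"""
import re
from datetime import date, datetime

# GUID shape: 8-4-4-4-12 hexadecimal characters.
GUID_RE = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")


def is_guid(value: str) -> bool:
    """True if the string has the GUID shape Azure uses for object IDs."""
    return bool(GUID_RE.match(value.strip()))


def check_sync_settings(client_id, client_secret, expires, group_ids, today=None):
    """Return a list of problems with the values; an empty list means they look consistent.

    expires and today use the Month/Day/Year format the Central form asks for;
    today defaults to the current date.
    """
    if today is None:
        today_date = date.today()
    else:
        today_date = datetime.strptime(today, "%m/%d/%Y").date()

    problems = []

    if not is_guid(client_id):
        problems.append("Client ID is not a GUID; copy it from App Registrations > All Applications")

    # The most common mistake from the post: pasting the Secret ID column instead of the Value.
    if is_guid(client_secret):
        problems.append("Client Secret looks like a GUID: this is the Secret ID, paste the Value instead")
    elif len(client_secret.strip()) < 16:
        problems.append("Client Secret is suspiciously short; check the Value you copied")

    try:
        exp = datetime.strptime(expires, "%m/%d/%Y").date()
        if exp <= today_date:
            problems.append("Client Secret has expired; create a new secret in Azure")
    except ValueError:
        problems.append("Expiration must be Month/Day/Year, e.g. 06/30/2024")

    if not group_ids:
        problems.append("No group filter given: nothing will be synced")
    for gid in group_ids:
        if not is_guid(gid):
            problems.append(f"Group ID {gid!r} is not a GUID; copy it from Groups > All Groups")

    return problems


if __name__ == "__main__":
    # Constructed values: a GUID pasted as the secret triggers the Secret ID warning.
    for problem in check_sync_settings(
        "11111111-2222-3333-4444-555555555555",
        "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
        "06/30/2024",
        ["aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"],
        today="12/22/2023",
    ):
        print("problem:", problem)
```

Run it with the values you are about to paste; an empty result means the Test Connection step is at least not going to fail on a mis-copied field, while a non-empty result tells you which field to re-copy from Azure before clicking Save.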

Once that is done, scroll up and click Save. (Note: this only saves the changes but doesn't apply them.)

Next, click "Turn On", and you should see a green success window pop up in the bottom right corner of your screen.

Finally, click Synchronize; you'll see an amber message saying "synchronizing". Once that is done, the status is updated with the number of users and groups synced; in our case, 1 Group and 1 User.

If you go to People, filter by Groups and select Show Directory Synced Groups, you should see your Azure group synced there.

The same applies if you filter by Users and select Directory Synced Users.




Typo
[edited by: emmosophos at 7:50 PM (GMT -8) on 22 Dec 2023]