Federated Sign In - Setup consequences

Hi Andrew Thompson2 

Active Directory synchronization in your Sophos Central is different than federated sign-in option provided in the Sophos Central.

If you opt for Federated Sign-in, it will not remove your synced users from your Sophos Central account.

Federated Sign-in is just providing you with another way of authentication and Sign-in option to not to create another login for the users who are already in your AD.

AD sync will remain as it is in the Sophos Central.

Thanks Jasmin.

So we would end up with duplicate accounts in theory, since the Azure AD is the same as what's on prem (or am I reading that wrongly)?

I did read something about Enterprise users mentioned in https://docs.sophos.com/central/Customer/help/en-us/central/Customer/concepts/ep_federatedsignin.html

Is this AD Enterprise admins or Central admin?

Hi Andrew Thompson2 

They are talking about Sophos Central Enterprise dashboard admins.

Central Enterprise dashboard is to manage multiple central consoles which are under different sub estates.

To know more about it, please refer to this guide.

Thanks.

I'm not really sure what is meant by this line though.

"If an administrator is also an Enterprise admin they can't use the same Microsoft sign-in credentials to sign in to both consoles."

Does this mean if our Enterprise admin uses the same credentials for both estates he will only be able to be that admin in one?

If so which?

Hi Andrew Thompson2 

In that statement, they are talking about the Sophos Central Enterprise console and Sophos Central Admin Console regardless of any sub-estates.

If you have enabled Sophos Central Enterprise Admin and any of your Sophos Central Admin console users are Enterprise Super Admin/ Admin, then above statement is applicable.

Hi Andrew Thompson2 

In that statement, they are talking about the Sophos Central Enterprise console and Sophos Central Admin Console regardless of any sub-estates.

If you have enabled Sophos Central Enterprise Admin and any of your Sophos Central Admin console users are Enterprise Super Admin/ Admin, then above statement is applicable.

Thanks Jasmin!

Just one more question.

By enabling federative services will that duplicate all of the users in Central?

Bearing in mind our on-prem AD is synced with Central and Azure.

The impression I'm getting here is that they will be two seperate estates and won't show up in the same console.

Hi Andrew Thompson2 

It will not duplicate all of the users in Central. It just provides you with another way of logging into the Sophos Central dashboard. It just shows those users who log into Sophos Central not all of the users. You synced users will be there without any change.

Enterprise Admin concept is different. Enterprise Super Admin can log into the Sophos Central Enterprise dashboard and Sophos Central Admin dashboard for any of the sub estates. Because of that, they have mentioned above two different consoles - Enterprise dashboard and Central Admin dashboard.