Duplicate Users in Sophos Central and Mapping user accounts to AD accounts - Azure AD Sync

We are trialling Sophos Central with a view to making a purchase really soon. Initially we didn't have any Active Directory Sync set up and user accounts were added to Sophos Central in the format Domain\Username automatically when the Endpoint protection client was installed. Today we set Azure AD Sync to import user and group information. This all worked fine and all directory information is now present in Sophos Central. However when logging in to a device which has Sophos Endpoint Advanced installed it shows the logged on user as the account that was originally created before the directory sync in the format Domain\username, rather than the Azure AD Sync usernames which are in the format username@domain.com. Effectively there are 2 accounts for users in the domain.

How do we get Sophos Central to use the info synced from Azure AD to recognise the logged on user accounts rather than those that were originally created? The synchronisation of data from Azure AD is pretty useless if it can't recognise which user is logged on to a device. Can anyone provide any advice on this?

Thanks   



This thread was automatically locked due to age.
  • Hi Ali,

    We do have reports of the issue you are facing, but you may check the KB article and verify the setting. I would also advise you to contact support and let us know the service request number via DM; also message me the link to this thread.

    https://sophos.com/kb/125424 

    Regards,

    Aditya Patel
    Global Escalation Support Engineer | Sophos Technical Support


  • Hi Aditya,

    The Azure AD Sync settings are correct and the KB you posted is the one I used to set it up. Synchronisation seems to be working perfectly. Here are some photos of the issue including firstly the duplicate login and the fact that Sophos Central is detecting the old Domain\Username login as the one which is logged onto the device:

    I have discovered that this issue can be mitigated by adding the Domain\Username duplicate login to the logins section of the user account as shown below and then deleting the Domain\Username from the people list:

    This is however not really acceptable to us as with over 300 users there is a considerable amount of admin time required to match these duplicates to the AD synced names. We would also need to keep an eye on this every time a new user is added to the network. I did speak to the support team briefly about this last week, but will raise a new ticket referring to this thread as I have been able to provide additional info here.
