Guest User!

You are not Sophos Staff.

Thread Info
  • Locked Locked
  • Replies 6 replies
  • Subscribers 10 subscribers
  • Views 12770 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Multi-factor Authentication for Sophos Central Admin

Gowtham Mani

Hi Everyone,

Multi-factor Authentication(MFA) is now avaiable for Sophos Central Admin. MFA provides an additional layer of security, in addition to first factor (password). MFA supports Google Authenticator and Sophos Authenticator for second factor. MFA is not mandatory for Sophos Central Admin.

MFA for Sophos Central Admin has an Opt-in/Opt-out feature that can only be controlled and managed by a Super Admin or a Sophos Partner with access to Sophos Central Admin.

For more details refer Sophos Central Admin: How to enable Multi-factor Authentication for a user.



This thread was automatically locked due to age.

  • A step in the right direction for authentication... 

     

    Any idea on when there will be SAML integration? (eg ADFS).

    Reasons being (besides the obvious ease of use and security benefits):

    •  AD Sync and Centrals logic for removal of accounts cannot really be trusted. I recently found a user who left the company, had their account disabled, still maintained their Sophos Central account with admin permissions. (Support advised this was working as designed).
    • Self Service Portal is practically useless if the users cant login using AD credentials. This is important for retrieving recovery keys when needed. 

  • Hi there

    I can see how to set users up so they are required to use MFA but I don't see how I pair up my phone for use with the Google Authenticator. Am I missing something? I have't applied the requirement to use MFA to my account as I don't want to get locked out. Maybe it only appears after I apply it? This article seems like it should cover it but I don't think it does.

  • in reply to charles kavazy

    I have found out that setting up the authenticator occurs on the next login in after adding users to the requirement for MFA. works fine.

  • in reply to charles kavazy

    Hi Charles,

     

    Once you enabled the MFA for central, the subsequent login window will automatically appear to register for MFA enrollment process with Google Authenticator/Sophos Authenticator.

    Check out Sophos Central Admin: How to enroll in Multi-factor Authentication for more details.

    hope it helps.

     

    Regards,

    Gowtham Mani
    Community Support Engineer | Sophos Technical Support
    Knowledge Base  |  @SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.

  • in reply to Gowtham Mani

    There seems to be problems with being sent emails when you choose the email security code option. 


    I find they are being sent sometimes, not every time. I can see the email never even gets sent to our email gateway, so I am sure it is on the Sophos side. 

     

    Can you please look into this?

  • in reply to LRB

    Okay, it seems to have stopped working for us -

    I set up a new admin account and no email sent, tried to get security codes, no email sent. It was working yesterday morning. 

    Anyone else having this issue?

Unfiltered HTML