azure ad

Hi guys,

I'm already on your path for more than a year and I still cannot authenticate users on sophos xg using AD on Azure.

I'm using also AADDS but STAS doesn't work because AADDS has limited functionalities.

For Sophos: Please launch a modern authentication mechanism that is able to interact with AzureAD directly. We're no longer using local AD Servers (last 2Y).

Thanks.

Antonio

I've got sophos synced with azure ad. U do need to sync with central first but then u alter the app manifests on azure apps to get ur groups right.

Should have said its coming in xg v17.5 so if ur not up for coding it is coming

Thanks John for the tip.

And for those without Sophos Central?

Cheers,

António Soares

I'd recommend getting sophos central and xg with aandstorm it's so worth it.  The new isolation is great which used to require central heartbeat but now central will do an admin isolation with xg its great and v17. 5 has so many new features it's going to be very hard to beat as a product

Hi,

Thanks again for the tip.

I've registered my devices in Central but I have no option for AzureAD integration. I do however have a sync tool available for AD.

Cheers,

António Soares

Hi John,

I would really need your help to configure the Azure AD to integrate on the on-premise Sophos XG firewall v18 MR1.

We do not have an On-premise Domain controller.

Users are already synchronized on Central form Azure AD.

How do i alter the app manifests to get the groups right?

Hi John,

I would really need your help to configure the Azure AD to integrate on the on-premise Sophos XG firewall v18 MR1.

We do not have an On-premise Domain controller.

Users are already synchronized on Central form Azure AD.

How do i alter the app manifests to get the groups right?

Azure AD is a feature, which is currently on the roadmap to be integrated in for the future. 

As Azure AD could be integrated as a Standard LDAP product, unlucky the answers by Azure AD breaks to the common AD. 

So this is currently not possible to integrate a Azure AD. 

Simple midterm solution would be to create a small azure appliance and integrate this as a DC with AD Sync. Therefore you can talk to the AD, which is running in the cloud. 

LuCar Toni,

Thank you once again for your response.

I do not plan for a VM, just want to be in the cloud.

I have Azure AD Sync with Sophos Central and all the users imported from Azure AD and the computers joined to the Azure AD.

Can the XG firewall support modern authentication like Sophos Central, so the users can be imported to the XG firewall since the they are already on Sophos Central?

I have been looking for a workaround.

Have to revert to Mac Address and Client Agent Auth.

How soon can this feature be developed by the engineering team? Many XG customers need this.