V17.5 user sync with Sophos Central EDR EAP no users listed in live users view?

Question

I am running a licenced XG v17.5 instance and my endpoint has Central EDR Eap running but im not seeing any users in the Live users view. I was under the impression that I should see users there that were reported from the Heartbeat sync? 
 What am i missing? 
 JK

FloSupport · Accepted Answer

Hi john_kenny 
 "Synchronized User ID will share domain user account information from the client machine the user is logged into with the firewall via Heartbeat. The Firewall will then check the user account against the configured AD server and activates the user. Synchronized User ID will only work with Active Directory configured as an authentication server in XG Firewall and it is currently supported for Windows 7 and Windows 10 machines . No agents are required on the server or clients, nor does it share or utilize any password information. Synchronized User ID does not work with other directory services, and it will not recognize local users. " 
 You will be able to see local users on your XG live users list, if you have configured a firewall rule that performs authentication via the captive portal. 
 Regards,

john_kenny · Answer

Ok just to update my original post, ive managed to get my Heartbeat User ID working with my AzureAD accounts. I used JumpClouds free directory as a service solution which syncs with my Office 365 Azure ad, then my XG authenticates via LDAP to JumpCloud. Now my Live Users are populated from the Endpoints heartbeat, so if anyone else wants to get Syncronised User ID working with Office 365 / AzureAd user accounts check out JumpCloud. 
 If anyone Wants more details on my setup PM me or reply to this thread. Or use the guide i used: - 
 https://support.jumpcloud.com/customer/en/portal/articles/2675239-configuring-sophos-firewall-to-use-jumpcloud-s-ldap-as-a-service 
 Also you will need to have Central syncing to your AzureAD which i had done already.

john_kenny · Answer

Sure that was the case for standard heartbeat but from the articles ive been given to read on 17.5 synchronized user id doesn't that information still need an Ad server to authenticate against against at some point? although i may be mistaken again there as at the mom there isn't enough info on how these new 17.5 xg features all work and work with each other. 
 In my case it wasn't until i had my XG's authentication source sorted that i saw the live user id show up from the heartbeat agents new user id ability. I had already had the old heartbeat working ok it was just the user id ability which was giving me issues?? 
 As i say hopefully well get more documentation soon to clear up my confusion on the matter for one. 
 But sophos will know best as paul says 
 But how Lucar states user id heartbeat auth should work was exactly how simple id hoped this heartbeat agents new synced user id would work i originally thought that this would allow me to see my usernames from my endpoints in XGs live active users without needing to have AD servers setup on XG (as i stated i am using AzureAD for auth) ie all that i would need would be the The latest Central EDR eap agent running and XG v17.5 but it wasnt as simple as id imagined. I am now sure im getting my wires crossed on how several of XGs new features work in V17.5 for one Synchronized user ID. Ill be sure to keep an eye out for anymore KB articles / Documentation on these, as i for one am really getting confused. lol

Paul Digby · Answer

I have success!!! So this is what I did precisely 1) Tested with LDAP - failed 2) Re-installed Endpoint 3) Tested with LDAP - failed 4) Change back to AD for authentication 5) Deleted the user (have done this a few times before) 6) Logged in once more and after a few minutes - success 
 So, I guess a combination of re-installing Endpoint, removing user and changing back from LDAP to AS authentication seems to have resolved the problem. Not conclusive, but hopefully helps someone. Continue to test repeatedly and will post results here

LuCar Toni · Answer

Sync User ID needs an configured AD server. 
 Local User does not work. 
 "It only requires that the Active Directory server is configured as an authentication server in XG Firewall."

Aditya Patel · Answer

Hi Paul, 
 True it will look for user details. In order to acheive this settings the following conditions must be met.. 
 1. The Sophos Central Account must be linked to Sophos XG firewall. 
 2. The XG firewall must be connected to the domain controller for authentication. 
 3. The Users in the Central must have the same Profile. e.g. In the Central account if the user Domain/Username instead of Normal User then their profile must contain the Email address . 
 4. Same Can be said on the local users on Sophos XG , use the Email address same as mentioned in the Central Profile. 
 On the Endpoint you may check the username on the Sophos Endpoint UI> About > Run Diagnostics tool. > System