Sophos Central - SSO Configuration
This application has not been formally tested by Kelvin Zero Inc. It is provided solely as a reference guide. If you encounter any issues, kindly submit a ticket directly through the support desk.
This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Sophos Central using Multi-Pass. SSO simplifies user authentication by allowing access to multiple applications with a single set of credentials. This integration enhances security and improves user experience across your organization.
To set up Multi-Pass with Sophos Central, ensure you meet the following requirements:
- Sophos Central admin rights
- MPAS Admin rights
- Make sure that all users intended to use SSO in Sophos Central are registered in your IdP and have the necessary permissions to access Sophos Central.
Important: Custom elements in URLs (like realm names) are case sensitive. Make sure to match the exact casing from your environment.
Sophos Central - SSO Configuration
Step 1 - Configure Sophos Central as the Service Provider (SP)
- Log into Sophos Central as a Super Admin.
- Navigate to General Settings > Verify Domains.
- In Federated Domains, click Add domain.
- Enter the correct domain and click Save.
- On the Verify Domain Ownership screen, select Copy beside the TXT Record.
- Log into your DNS Manager for the appropriate domain and create a TXT Record.
- Return to General Settings > Verify Domains.
- Under Verification Status, select Verify domain ownership.
- If successful, the domain will display as verified along with the last date of verification.
- Navigate back to General Settings > Federated Identity Providers.
- Select Add Identity Provider and complete the fields below:
| Field | Value |
|---|---|
| Name | Multi-Pass |
| Type | OpenID Connect |
| Vendor | Other |
| Vendor Name | Multi-Pass |
| Client ID | sophos-central |
| Issuer | https://ca.auth.kzero.com/realms/<TENANT_NAME> |
| Authz endpoint | https://ca.auth.kzero.com/realms/<TENANT_NAME>/protocol/openid-connect/auth |
| JWKS URL | https://ca.auth.kzero.com/realms/<TENANT_NAME>/protocol/openid-connect/certs |
- Select your verified domain under Configure Domains.
- Check IDP enforced MFA under Confirm Identity provider MFA enforcement.
- Click Save
Step 2 - Configure Multi-Pass as the Identity Provider (IdP)
- Open Multi-Pass Dashboard
- Select the correct tenant and go to Integrations, then click on Applications.
- Under the custom integration section, select OIDC.
- Complete the fields below:
| Field | Value |
|---|---|
| Client ID (=SP Entity ID) | sophos-central |
| Name | Sophos Central |
| Description | Sophos Central OIDC Integration |
| Client Authentication | ON |
| Home URL | https://central.sophos.com |
| Valid Redirect URIs | https://login.sophos.com/login/callback |
- Click Add Integration.
- Go to the Advanced Console by clicking on the right side of your screen.
- Click on Client and search for Sophos Central.
- Ensure all fields are populated as shown below:
General settings (Multi-Pass)
| Field | Value |
|---|---|
| Client ID | sophos-central |
| Name | Sophos Central |
| Description | Sophos Central SSO Integration |
| Always display in UI | ON |
Access settings (Multi-Pass)
| Field | Value |
|---|---|
| Root URL | https://central.sophos.com |
| Valid Redirect URIs (ACS) | https://central.sophos.com/* |
| Admin URL | https://central.sophos.com/ |
Capability Config
| Setting | Value |
|---|---|
| Client Authentication | ON |
| Authentication Flow | Standard & Implicit Flow |
Related Articles
N-Central (N-Able) - SSO configuration
This application has not been formally tested by Kelvin Zero Inc. It is provided solely as a reference guide. If you encounter any issues, kindly submit a ticket directly through the support desk. This documentation provides a step-by-step guide to ...OpenID Connect (OIDC) SSO Integration Guide
This guide provides a general overview and step-by-step instructions for configuring OpenID Connect (OIDC) authentication between Multi-Pass (IdP) and a third-party Service Provider (SP). OIDC is a modern identity layer built on top of OAuth 2.0 that ...Azure EAM - MPAS integration
This documentation has been tested and approved by Kelvin Zero's team This document will outline the steps required to enable MPAS as an external authentication method in Microsoft Entra ID. To set up Multi-Pass, ensure you meet the following ...Mendix - SSO Configuration
This document has been tested and approved by Kelvin Zero Inc This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Mendix using Multi-Pass. SSO simplifies user authentication by allowing access to multiple ...Outsystems (Apps) - SSO Configuration
This application has not been formally tested by Kelvin Zero Inc. It is provided solely as a reference guide. If you encounter any issues, kindly submit a ticket directly through the support desk. This documentation provides a step-by-step guide to ...