Sophos Firewall v19.5: Azure AD SSO for Webadmin login
Credit to Author: Chris McCormack | Date: Tue, 25 Oct 2022 15:55:17 +0000
With Sophos Firewall v19.5 firmware now available for early access, we are covering one of the top new features every week leading up to launch.
In last week’s article, we covered the new Xstream TLS FastPath feature that provides a free performance boost.
This week’s focus is on the new integration of Azure Active Directory (Azure AD) with Sophos Firewall for single sign-on to the Webadmin console.
Azure AD is Microsoft’s multi-tenant, cloud-based identity and access management (IAM) service. It takes care of authentication and authorization of user and application identities. It’s the infrastructure that allows employees to sign in and access external resources, such as those held in Microsoft’s 365 service, an ever-growing list of other SaaS applications, as well as resources on corporate networks, now including Sophos Firewall.
With more and more Sophos customers migrating to the cloud, this has become a top requested feature. It provides a number of benefits for any organization already utilizing Azure AD for directory services or those considering the move to Azure AD.
Azure AD integration with Sophos Firewall provides a simple, elegant, and consistent solution for managing admin credentials, access, and roles for Sophos Firewall, Sophos Central, and other Sophos products like ZTNA, along with all the other resources that you may be utilizing Azure AD for authentication. Now you effectively have a single identity control plane with full visibility and control across your entire environment.
The Azure AD capabilities utilized for this integration are part of the free tier of Azure AD, and our implementation takes advantage of OpenID Connect and OAuth 2.0 for optimal security.
With Azure AD becoming more popular, administrator authentication is just the first of many Azure AD integrations we have on the roadmap for future releases. Ultimately the goal is to integrate all user-facing access services with Azure AD as well as other popular identity providers.
Azure AD integration enables dynamic role and group access management: you can add or remove access to administer the firewall in Azure without changing anything on the firewall. The options for role mapping are extremely flexible, allowing you to have multiple administrators with different roles and privileges. You can easily audit role and access permissions for security compliance and utilize the same security and password policy and controls across your IT infrastructure, including MFA.
Setup is very straightforward, requiring a few items to be configured on Azure AD which are then utilized in the authentication setup on Sophos Firewall.
Check out all the new features in v19.5
Sophos Firewall OS v19.5 includes a ton of great new capabilities. Check out the full list of what’s new in this What’s New PDF download.
Early access
Start taking advantage of all the great new features in SFOS v19.5 today and help us make this release the best it can be by participating in the early access program. Visit the SFOS v19.5 EAP registration page to get started.
Sophos Firewall OS v19.5 EAP1 is a fully supported upgrade from any v18.5 firmware as well as v19, including the very recent v19 MR1 build 365 release.
Once you’re up and running, please provide feedback through your Sophos Firewall’s feedback mechanism (top right of every screen on your Firewall). Also visit our EAP community forums to share your experiences with others.