I’ll demonstrate how to enable multi-factor authentication in Sophos Central in this post. Using this guide, the Sophos Central Super Admin can enable MFA for their own account or for other admins.
Those of you who have recently configured Sophos Central should be aware that Multi-Factor Authentication is now turned on by default. This applies to newly created Sophos Central accounts. Additionally, you have the choice to decline MFA enrollment at trial activation.
You can implement multi-factor authentication using hardware or software tokens. You must link software tokens to an authenticator application, such as any third-party authenticator on a mobile device or tablet. When users log on, they must provide a password and a passcode.
What is Sophos Multi-factor Authentication?
Sophos Multi-factor Authentication (MFA) is a way to log in that requires the user to provide two or more ways to verify their identity. This is done in order to access a resource like a security program, an online account, or a VPN. MFA requires more than just a username and password. Instead, it needs one or more other ways to confirm the user’s identity.
The Sophos multi-factor authentication (MFA) feature increases the security of Sophos accounts by adding an extra layer of verification when logging in. Setting it up requires an authenticator app (such as Sophos Authenticator, Google Authenticator, Microsoft Authenticator, etc.) and a recovery method such as a secondary email or mobile number.
Note: Sophos Authenticator is reaching the End of Life (EOL) on July 31, 2022. Users setting up multi-factor authentication for the first time can no longer download Sophos Authenticator. They must use another authenticator application, such as the authenticator feature of Sophos Intercept X, Google Authenticator, or any other third-party application.
How to Enable Multi-factor Authentication in Sophos
You can enable Sophos multi-factor authentication with the following steps:
- Log in to Sophos Central Admin console with a Super Admin account.
- In the left pane, select Global Settings.
- Under General, select Multi-factor Authentication (MFA).
- Select either All admins need MFA or Select admins who will need MFA.
Sophos Multi-factor Authentication Options
When you go to Global Settings and Multi-factor Authentication, you will find three options.
- No MFA needed. (Sign in with password only) – While MFA is not mandatory for Sophos Central Admin, this is an insecure option. Selecting this option allows admins to log in with just their password.
- All admins need MFA – If you wish to enable MFA for all your Sophos admin accounts, this is the best option. Do not forget to inform all the admins via email about this new option being enabled.
- Select admins who will need MFA (All others sign in with password only): If you select this option, you must manually add the admins who will need multi-factor authentication. This also means the admins you exclude will sign in with just a password.