How to Enable Multi-factor Authentication in Sophos

In this post I will show you how to enable Multi-factor Authentication in Sophos central. Using this guide, the Sophos Central Super Admin can enable MFA for his account or for other Admins.

If you have recently configured the Sophos Central, note that Multi-Factor Authentication will now be enabled by default. This applies for newly created Sophos Central accounts.

In addition, you have the option to not enroll to MFA at the time of Trial Activation.

What is Multi-factor Authentication ?

Multi-factor Authentication (MFA) is an authentication method that requires the user to provide two or more verification factors. This is to gain access to a resource such as an security application, online account, or a VPN.

Rather than just entering a username and password, MFA requires one or more additional verification factors. This decreases the likelihood of a successful cyber attack.

MFA supports Google Authenticator and Sophos Authenticator for the additional layer of security.

How to Enable Multi-factor Authentication in Sophos

  • Log in to Sophos Central Admin console with a Super Admin account.
  • In the left pane, click Global Settings.
  • Under General, click Multi-factor Authentication (MFA).
  • Select either All admins need MFA or admins who will need MFA.
How to Enable Multi-factor Authentication in Sophos
How to Enable Multi-factor Authentication in Sophos

Sophos Multi-factor Authentication Options

When you go to Global Settings and Multi-factor authentication you will find three options.

  • No MFA needed. (Sign in with password only) – While the MFA is not mandatory for Sophos Central Admin, this is an insecure option. Selecting this option will allow admins to login with just their credentials.
  • All admins need MFA – If you wish to enable MFA for all your admin accounts, this is the best option.
  • Select admins who will need MFA (All others sign in with password only) – If you select this option, you must manually add the admins who will need Multi-factor authentication. This also means the users whom you exclude will have to sign in with just password.

Leave a Reply

Your email address will not be published. Required fields are marked *