Securing N‑central with N‑able SSO, Entra ID, and Adlumin

One of the reasons I love attending in-person events and visiting customers is the conversations. You pick up insights, tricks, and real-world stories you’d never stumble across if you were permanently stuck in the virtual world. A standout moment for me this year happened during lunch at Empower in Berlin, when Florian from one of our Austrian customers sat down next to me. What started as a casual chat quickly turned into a fascinating deep dive into how they’ve secured their N‑central environment using N‑able SSO, Entra ID, and Adlumin.

There had been plenty of buzz around the new features in N‑central, and rightly so. They unlock powerful new capabilities for partners. But a key requirement to accessing them is logging in to your N‑central server via N‑able SSO. For customers on hosted instances of N‑central, this is already the default. However, many self-hosted partners still rely on standard authentication methods or direct Entra ID integration. As a result, they’re missing out on the growing set of enhancements we are seeing in N‑central.

The fact that I know not all our customers are accessing these new features yet is exactly why I found Florian’s story so compelling. Not only is he leveraging N‑able SSO to access these enhancements in N‑central, he’s taken it a step further by combining it with Entra ID and Adlumin to create a highly secure, streamlined environment, both for his team and the customers they support.

When you’re using a remote monitoring or unified endpoint management solution like N‑central, securing that environment isn’t optional, it’s absolutely critical. These platforms sit at the heart of an MSP’s operations, with deep access into customer systems, networks, and endpoints. A breach wouldn’t just be catastrophic for the MSP; it could have devastating consequences for every client they serve. That’s why getting authentication, access control, and monitoring right is so important, and why Florian’s layered approach caught my attention.

The Challenge

That level of risk is exactly what makes securing access to N‑central so vital, and so complex. In the past, when Florian’s team hosted their own N‑central instance, they relied on tried-and-true methods like firewall-based IP and country restrictions. It worked well because they had full control over the infrastructure. And many self-hosted partners still follow this model today.

But things change when you move to a hosted environment. You no longer own or manage the underlying systems, so you can’t rely on network-layer controls like you used to. The challenge then becomes: how do you maintain  or even improve your security posture without that level of direct control?

The Solution

As shown in the diagram above, Florian’s team implemented a secure, layered login and monitoring process by combining N‑able MSP SSO, Microsoft Entra ID, and Adlumin. Here’s how the process works step by step:

• User login initiated on N‑central: The user attempts to access the N‑central server.
• Redirect to N‑able MSP SSO: The login request is first routed to N‑able’s centralized Single Sign-On system, enabling a unified authentication gateway.
• Federation to Microsoft Entra ID: N‑able SSO passes the login to Entra ID, which handles identity verification.
• Conditional Access Policies applied: Entra ID checks the login attempt against defined security policies such as country restrictions, device compliance, and risk signals.
• Two-factor authentication enforced: Microsoft Authenticator provides a second authentication factor, ensuring strong multi-factor security.
• Access granted back to N‑central: If all checks pass, the login is approved and the user is logged into the N‑central environment.
• Continuous monitoring with Adlumin: In the background, Adlumin’s managed detection and response (MDR) platform monitors authentication events in real-time. It detects abnormal login behaviour, such as unusual locations or repeated failures, and can alert the team or trigger automated defences.
• Transition from on-premises controls to cloud policies: Florian’s team replaced previous on-prem firewall-based country and IP restrictions with these cloud-native controls, achieving a more flexible and robust security posture for their hosted environment.

Florian’s setup is a great example of how customers can modernize their security strategy by combining the right technologies. By layering N‑able SSO with Microsoft Entra ID and Adlumin, they have built a flexible, cloud-ready authentication and monitoring system that meets today’s security demands, without compromising usability or control.

What makes this approach even more powerful is its applicability beyond just N‑central. N‑able SSO is leveraged across our portfolio of products, including N‑sight RMM, Cove, Mail Assure, Take Control, and more. That means the same secure, policy-driven login flow Florian implemented can be applied consistently across all your N‑able tools.

Layered Access, Stronger Security

If you’re still using standalone authentication or relying solely on on-prem controls, now is the time to modernize. By enabling N‑able SSO and federating with Entra ID, you can take advantage of Conditional Access, enforce MFA, and centralize security across your environment. And with solutions like Adlumin in place, you get the added benefit of continuous monitoring and response.

Whether you’re using N‑central, N‑sight, or any other part of the N‑able platform, securing access is step one. If you’d like help designing a setup like Florian’s, reach out to your Customer Success Manager or visit the N‑able documentation to get started.

Paul Kelly is the Head Nerd for N‑central at N‑able. You can follow him on Twitter at @HeadNerdPaul, LinkedIn and Reddit at u/Paul _Kelly. Alternatively you can email me direct.