Documentation

 


...

Recently, Microsoft added a function to Conditional Access called custom controls. Custom controls allow third-party integration into Conditional Access. The third party registers an application that Microsoft white-lists globally, and then provides OpenID Connect (OIDC) endpoints that the Azure customer uses to call out to the third party's authorization process.

 


...

Audience

This guide is intended for administrators who need to install and configure Microsoft Conditional Access for use with SecureAuth IdP.

 


...

Prerequisites

...

  • Install a SecureAuth IdP appliance version 9.1 or 9.2 and configure one or more realms for that appliance (refer to the SecureAuth IdP Realm Guide).
  • Configure the following tabs in the SecureAuth IdP Web Admin console before configuring any other tabs:
    • Overview: Define the description of the realm and SMTP connections.
    • Data: An enterprise directory must be integrated with SecureAuth IdP.
    • Workflow: Define how users access the target.
    • Multi-Factor Methods: Define the Multi-Factor Authentication methods that are used to access the target, if any.
  • Gain administrative access to Microsoft Azure.
  • Install and configure Internet Information Services (IIS) for Windows Server.
  • Set up Modern Authentication in your server environment. See the Hybrid Modern Authentication overview and prerequisites for using it with on-premises Skype for Business and Exchange servers article on the Microsoft website.
  • Contact support@secureauth.com, open a support ticket, and mention "Tailoring - Conditional Access" if you will use this integration. Request the following items so you have them on hand during the configuration:
    • ASPX and code-behind pages (in "Configure SecureAuth IdP," step 4)
    • Import Rules (in "Configure SecureAuth IdP," step 5d)
    • JSON file (in "Configure Microsoft Custom Control," step 7)

 


...

SecureAuth IdP configuration steps

...


For more information about the URL rewrite rule, see the Creating Rewrite Rules for the URL Rewrite Module article on the Microsoft website.

...

For information about editing the web.config file, see the System Info Tab Configuration document.

10. Save all changes made to this configuration and exit.

 


...

Configure Microsoft Custom Control

...

7.  Enter the JSON provided by SecureAuth Support, then click Save. (Contact SecureAuth Support per the Prerequisites steps, if you did not already request this information.)
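A pre-flight check for the JSON entered in step 7, as an added example that is not SecureAuth's or Microsoft's code: it confirms that the custom control JSON and the OIDC discovery document it points to use HTTPS on the host you expect. The field names follow Microsoft's custom control JSON layout as an assumption, and the host, IDs and both sample documents are constructed placeholders.

```python
import json
from urllib.parse import urlsplit

# Field names assumed from Microsoft's custom control JSON layout; the file
# SecureAuth Support provides may differ.
REQUIRED_KEYS = ("Name", "AppId", "ClientId", "DiscoveryUrl", "Controls")
# Standard OIDC discovery fields that must point at the identity provider.
DISCOVERY_URLS = ("issuer", "authorization_endpoint", "jwks_uri")

def https_host(url):
    """Return the lowercase host of an https URL, or None for anything else."""
    try:
        parts = urlsplit(url if isinstance(url, str) else "")
    except ValueError:
        return None
    return parts.hostname if parts.scheme == "https" else None

def check_custom_control(control_json, discovery_json, expected_host):
    """Return a list of problems; an empty list means every check passed."""
    try:
        control, discovery = json.loads(control_json), json.loads(discovery_json)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON: {exc.msg}"]
    if not isinstance(control, dict) or not isinstance(discovery, dict):
        return ["both documents must be JSON objects"]
    host = expected_host.lower()
    problems = [f"missing or empty field: {k}" for k in REQUIRED_KEYS if not control.get(k)]
    if https_host(control.get("DiscoveryUrl")) != host:
        problems.append("DiscoveryUrl is not https on the expected host")
    controls = control.get("Controls")
    for ctl in controls if isinstance(controls, list) else []:
        if not (isinstance(ctl, dict) and ctl.get("Id") and ctl.get("ClaimsRequested")):
            problems.append("control entry lacks Id or ClaimsRequested")
    for field in DISCOVERY_URLS:
        if https_host(discovery.get(field)) != host:
            problems.append(f"{field} is not https on the expected host")
    return problems

# Constructed sample data (placeholder host and IDs, not SecureAuth's values).
SAMPLE_CONTROL = json.dumps({
    "Name": "Example IdP MFA", "AppId": "00000000-0000-0000-0000-000000000000",
    "ClientId": "00000000-0000-0000-0000-000000000000",
    "DiscoveryUrl": "https://idp.example.com/.well-known/openid-configuration",
    "Controls": [{"Id": "ExampleMfa", "Name": "ExampleMfa",
                  "ClaimsRequested": [{"Type": "ExampleMfa", "Value": "MfaDone"}]}]})
SAMPLE_DISCOVERY = json.dumps({
    "issuer": "https://idp.example.com",
    "authorization_endpoint": "https://idp.example.com/authorize",
    "jwks_uri": "http://idp.example.com/keys"})  # plain http on purpose

if __name__ == "__main__":
    for problem in check_custom_control(SAMPLE_CONTROL, SAMPLE_DISCOVERY, "idp.example.com"):
        print("PROBLEM:", problem)
```

Pass the text retrieved from the `DiscoveryUrl` as `discovery_json` and your realm's host name as `expected_host`.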

 


...

Create a Policy

Create a Microsoft Conditional Access policy.

...

4. Specify the users, apps, and controls that you want to assign the policy to.

5. Save your changes.

 


...

Test Microsoft Conditional Access with SecureAuth IdP

...

  1. Log in to Microsoft Teams: https://teams.microsoft.com
  2. Enter your email address in the following screen:
  3. Enter your password in the following screen:
  4. Select the kind of two-factor authentication method to use to log into Microsoft Teams. The following example shows the text message (SMS) method.
  5. In the following screen, enter the one-time passcode that was sent to you:
  6. The following Microsoft Teams screen is displayed if the configuration between Microsoft Conditional Access and SecureAuth IdP is successful.

    If you do not see this screen or if you receive an error message, contact SecureAuth Support.