Microsoft has a feature in their Azure stack called Conditional Access. This feature allows Azure customers to apply policies to either the log-in process to Office 365 or specific apps and tiles within Office 365/Azure. Using this feature, Azure customers can restrict access to applications, such as Outlook, SharePoint, and others, based on several different factors.
Recently, Microsoft added a function to Conditional Access called a 'custom control'. Custom controls allow third-party integration into Conditional Access. For this to work, the third party must have a registered application white-listed globally by Microsoft, and must provide OpenID Connect (OIDC) endpoints that the Azure customer uses to call out to the third party's authorization process.
This guide is intended for those end-users and customers who require information on installing and configuring Conditional Access for use with SecureAuth IdP.
Before configuring this, you must have completed the following items:
- Have administrative access to Microsoft Azure
- Have installed a SecureAuth IdP appliance version 9.1+ and configured one or more realms for that appliance
- Have Internet Information Services (IIS) for Windows Server installed and configured
- If you are interested in this integration, contact email@example.com, open a support ticket, and mention "Tailoring - Conditional Access"
Configuring SecureAuth IdP
To configure SecureAuth IdP for use with Microsoft Conditional Access, perform the following procedure:
11. Save all changes made to this configuration and exit.
Configuring Microsoft Custom Control
To create a new custom control for Microsoft Conditional Access, perform the following steps.
Creating a New Policy
To create a new policy for this configuration in Conditional Access, follow these steps: