Microsoft Entra External Authentication Method Integration
An external authentication method (EAM) lets users choose an external provider to meet multifactor authentication (MFA) requirements when they sign in to Microsoft Entra ID. Incode has developed an authentication method that requires users to verify their identity as part of the login process. Requirements for this verification are configured in the Workforce Settings. This guide shows how to configure identity verification as MFA in Microsoft Entra.
Microsoft Entra Requirements
- An active Entra ID P1 or P2 subscription is required.
- An Entra ID administrator account with appropriate privileges.
Step-by-step guide (Estimated setup time: 10 min)
Set up Microsoft Entra Integration in Workforce Dashboard
- Create Microsoft Entra Integration: In your Workforce Dashboard, navigate to Integrations and click New Integration. Choose Microsoft Entra integration and click Continue.
- Configure Integration: Give your integration a name so that you can recognize it in the Workforce Dashboard. Copy the Client ID, Discovery Endpoint and App ID for use in Microsoft Entra. Save your integration.
Set up External Authentication Method in Microsoft Entra
- Go to your Microsoft Entra instance and log in as an administrator. Go to Protection > Authentication Methods > Policies.
- Add external method: Click + Add External Method (Preview) and fill out the authenticator details. Note that this feature is only available with a P1 or P2 Entra license.
  - Name: Give a name to your authentication method, e.g. Incode Workforce. This is the name your users will see when selecting an authentication method during Entra login.
  - Copy the Client ID, Discovery Endpoint and App ID from your Workforce integration and paste them into the respective fields.
  - The App ID refers to a multitenant application from Incode, which will be used for authentication. You need to provide admin consent for this application in your tenant.
- Configure and Save:
  - Click Request permission to grant admin consent for the Incode Workforce authenticator. Check the Consent on behalf of your organization checkbox and click Accept.
  - Toggle Enable to On.
  - Click + Add Target to select the users or groups that you want to use the Incode Workforce authenticator as an external authentication method. By default, the policy applies to all users.
  - Click Save.
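
A post-save check for the steps above, as an added example (not Incode's or Microsoft's code): it compares a saved external method against the values copied from the Workforce Dashboard and reports when the policy is still on the default all-users target. It assumes the policy was exported as JSON in the shape of Microsoft Graph's `externalAuthenticationMethodConfiguration` resource; every value in the sample is a constructed placeholder, and `audit_eam` is a hypothetical helper name.

```python
import json
from urllib.parse import urlsplit

EAM_TYPE = "#microsoft.graph.externalAuthenticationMethodConfiguration"
# Constructed placeholders standing in for the values shown in the Workforce Dashboard.
EXPECTED = {
    "clientId": "example-client-id",
    "discoveryUrl": "https://idp.example.com/.well-known/openid-configuration",
    "appId": "00000000-0000-0000-0000-000000000001",
}

# Constructed sample of an exported authentication methods policy (not real tenant data).
SAMPLE_POLICY = json.loads("""
{"authenticationMethodConfigurations": [
  {"@odata.type": "#microsoft.graph.externalAuthenticationMethodConfiguration",
   "displayName": "Incode Workforce", "state": "enabled",
   "appId": "00000000-0000-0000-0000-000000000001",
   "openIdConnectSetting": {
     "clientId": "example-client-id",
     "discoveryUrl": "https://idp.example.com/.well-known/openid-configuration"},
   "includeTargets": [{"targetType": "group", "id": "all_users"}]}
]}
""")

def audit_eam(policy, expected, display_name):
    """Return findings for the external method with the given display name."""
    configs = policy.get("authenticationMethodConfigurations", [])
    match = [c for c in configs
             if c.get("@odata.type") == EAM_TYPE and c.get("displayName") == display_name]
    if not match:
        return [f"no external method named {display_name!r}"]
    method, findings = match[0], []
    oidc = method.get("openIdConnectSetting") or {}
    actual = {"clientId": oidc.get("clientId"),
              "discoveryUrl": oidc.get("discoveryUrl"),
              "appId": method.get("appId")}
    for key, value in actual.items():
        if value != expected[key]:  # a pasted value does not match the dashboard
            findings.append(f"{key} differs from the Workforce Dashboard value")
    if urlsplit(actual["discoveryUrl"] or "").scheme != "https":
        findings.append("discoveryUrl is not https")
    if method.get("state") != "enabled":
        findings.append("method is not enabled")
    if any(t.get("id") == "all_users" for t in method.get("includeTargets", [])):
        findings.append("policy targets all users")
    return findings

print(audit_eam(SAMPLE_POLICY, EXPECTED, "Incode Workforce"))
```

An empty list means the saved method matches the dashboard values, is enabled, and is scoped to specific targets.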
Learn more
- Microsoft Entra External authentication method: Learn more about external authentication methods. (Microsoft Entra Learning Centre)
- Microsoft Entra Conditional Access: Learn about conditional access policies and how to assign different authentication methods for different use cases. (Microsoft Entra Learning Centre)
- Enable only one MFA method: To set up Incode Workforce as the only authentication method, you must change security details. Learn more about it on the Microsoft Entra Learning Centre.