Two-factor authentication for Microsoft Entra ID External Authentication Methods (EAM)

Overview

The LoginTC Entra ID EAM integration allows you to use LoginTC as an external authentication method for Entra ID, including for any third-party application that uses Entra ID as an identity provider.

Subscription Requirement
Your organization requires the Business or Enterprise plan to use the Entra ID EAM integration. See the Pricing page for more information about subscription options.

Architecture

Authentication Flow

  1. A user attempts to access an Entra ID protected resource from a browser with their username / password
  2. A Conditional Access policy redirects the user’s browser to LoginTC
  3. The user is presented with LoginTC authentication methods
  4. An authentication request is made to LoginTC Cloud Services
  5. The user response (approval or denial of request) is sent to LoginTC Cloud Services
  6. The user approval is sent back to Entra ID
  7. Entra ID validates the response and redirects the user to the protected resource
Prerequisites

Before proceeding, please ensure you have the following:

  • LoginTC Admin Panel account
  • Microsoft Entra ID tenant with P1 or P2 licenses assigned to users
Create Application

Create a new Application in the LoginTC Admin Panel and connect it to your Entra ID tenant:

  1. Click on Applications in the side menu
  2. Type in Entra
  3. Click on Microsoft Entra ID EAM
  4. Scroll down to the Microsoft Entra ID EAM Integration section on the newly-created application
  5. Click on Connect
  6. Sign in to Microsoft with an Entra ID administrator account
  7. Review the required permissions and select Consent on behalf of your organization
  8. Press Accept
Configure Entra ID

Use the Microsoft Entra ID EAM Integration details displayed on the connected LoginTC application to create an Entra ID External Authentication Method:

  1. Scroll down to the Microsoft Entra ID EAM Integration details section
  2. Open the Microsoft Entra admin center
  3. Click on Authentication methods under Protection
  4. Click on the Add external method (Preview) button
  5. Enter LoginTC for the name
  6. Copy and paste the Client ID, Discovery Endpoint, and App ID values from the LoginTC application page
  7. Ensure that Enable is toggled on
  8. Target all users (or specific users and groups)
  9. Press Save
  10. LoginTC will be added to the list of authentication methods

Create a new conditional access policy in your Entra ID tenant to require MFA for access:

  1. Click on Conditional Access under Protection
  2. Click on New policy
  3. Give the policy a name
  4. Select one or more users or groups
  5. In the Grant section, select Require multifactor authentication
  6. Save the policy
Usage

End users will be prompted to log in with LoginTC when they log in to Entra ID or any application that uses Entra ID as its identity provider:

  1. The user accesses an application (such as office.com)
  2. The user enters their Entra ID username
  3. The user enters their Entra ID password
  4. The user is presented with Entra ID configured multifactor authentication options
  5. After clicking on LoginTC, the user is redirected to LoginTC and presented with their LoginTC authentication methods
  6. After successfully authenticating with LoginTC, the user is redirected back to the application
Troubleshooting

Email Support
For any additional help please email support@cyphercor.com. Expect a speedy reply.

Start your free trial today. No credit card required.

Sign up and Go