Forum Discussion

gwendal55
Copper Contributor
Feb 12, 2020

identity space

Do you know how to redirect users' Office 365 access requests to a secure gateway? I am trying to configure user authentication through a secure gateway before they access the Office 365 tenant. I provide 5 screenshots to describe the process. Where must the administrator configure this redirection: in OWA? Azure AD? In Office 365 administration? In PowerShell? I don't know how to do the same a

3 Replies

  • Claus Witjes
    Brass Contributor

    gwendal55

    Well, actually the mentioned screenshots in your post are missing (or not displayed to me), so I can only guess what your "process" looks like and what you are finally trying to achieve. In particular, what do you understand by the term secure gateway? A cloud proxy solution, a CASB system, a federation service, hmm 😉

    As every O365 tenant finally depends on Azure AD as identity provider, I would say the starting point for configuring "authentication" is Azure AD. There are different approaches.

    For example, supported AuthN methods for Hybrid Identity deployments are described under https://docs.microsoft.com/en-us/azure/active-directory/hybrid/

     

    • gwendal55
      Copper Contributor

      Claus Witjes Here are the screenshots describing the process, from screenshot 1 to screenshot 5. It would work without federation. I am trying to find out how it works, so as to repeat the same process for another tenant. Thanks

      • Claus Witjes
        Brass Contributor

        gwendal55 Well, I think you need to contact your vendor (Apria) in order to figure out how to connect the gateway with Azure AD. If you are working for Apria, you might want to get in touch with MS directly (Developer Support).

        The website http://www.apriarsa.fr/public/portal/public/apriarsa.html does not provide much information to me personally (might be wrong); anyway, I cannot speak/read French.

        Microsoft Conditional Access has the capability to integrate with "custom controls". See documentation here.

        https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/controls#custom-controls-preview

        Apria is not explicitly listed here... RSA (https://community.rsa.com/docs/DOC-81278) yes.

         

        Providers currently offering a compatible service include:

        • https://duo.com/docs/azure-ca
        • https://www.entrustdatacard.com/products/authentication/intellitrust
        • https://mobileconnect.io/azure/
        • https://documentation.pingidentity.com/pingid/pingidAdminGuide/index.shtml#pid_c_AzureADIntegration.html
        • https://community.rsa.com/docs/DOC-81278
        • https://docs.secureauth.com/pages/viewpage.action?pageId=47238992#
        • https://www.silverfort.io/company/using-silverfort-mfa-with-azure-active-directory/
        • https://help.symantec.com/home/VIP_Integrate_with_Azure_AD
        • https://resources.eu.safenetid.com/help/AzureMFA/Azure_Help/Index.htm
        • https://www.trusona.com/docs/azure-ad-integration-guide

        This basically requires the Apria Secure Gateway solution to be registered in Azure AD (usually an App Registration + Conditional Access Custom Control config). I have personally configured this scenario with Ping Identity (PingID) as 2FA provider and can say it works as expected.