Public preview: External authentication methods in Microsoft Entra ID
Published May 02 2024 02:00 PM 24.5K Views
Microsoft

Hi folks,

 

Today I’m thrilled to share that the public preview of external authentication methods in Microsoft Entra ID is scheduled for release in the first half of May. This feature will allow you to use your preferred multifactor authentication (MFA) solution with Entra ID.

 

Deploying MFA is the single most important step to securing user identities. A Microsoft Research study of MFA effectiveness showed that the use of MFA reduced the risk of compromise by more than 99.2%! Some organizations have already deployed MFA and want to reuse that MFA solution with Entra ID. External authentication methods allows organizations to reuse any MFA solution to meet the MFA requirement with Entra ID.

 

Some of you might be familiar with custom controls. External authentication methods are the replacement of custom controls, and they provide several benefits over the custom controls approach. These include: 

 

  1. External authentication method integration, which uses industry standards and supports an open model 
  2. External authentication methods are managed the same way as Entra methods 
  3. External authentication methods are supported for a wide range of Entra ID use cases (including PIM activation)

 

I've invited Greg Kinasewitz, Product Manager for Microsoft Entra ID, to tell you more about this new capability.

 

Thanks, and as always, let us know what you think!

 

Nitika Gupta

Group Product Manager

 

--

 

Hi folks,

 

Greg here. I’m super excited to walk you through some of the key capabilities of external authentication methods and readiness from partners. 

 

We’ve heard from some of you about wanting to use another MFA solution along with the power of Entra ID functionality like the rich features of Conditional Access, Identity Protection, and more.  Customers using Active Directory Federation Services (ADFS) with a deployment of another MFA solution have been vocal in wanting this functionality so they can migrate from AD FS to Entra ID. Organizations that are using the Conditional Access custom controls preview have given feedback on needing a solution that enables more functionality. External authentication methods enable your users to authenticate with an external provider as part of satisfying MFA requirements in Entra ID to fill these needs.

 

What are external authentication methods, and how do you use them?

 

External authentication methods can be used to satisfy MFA requirements from Conditional Access Policies, Privileged Identity Management role activation, Identity Protection risk-based polices and Microsoft Intune device registration. They’re created and managed as part of the Entra ID authentication methods policy.  This gives consistent manageability and experience with the built-in methods. You’ll add an external authentication method with the new “Add external method” button in the Entra Admin Center authentication methods management.

 

Figure 1: External authentication methods are added from and listed in authentication methods policies admin experience.Figure 1: External authentication methods are added from and listed in authentication methods policies admin experience.

 

When a user is choosing a method to satisfy MFA, external authentication methods are listed alongside built-in methods that the user can use.

 

Figure 2: External authentication methods are shown next to the built-in methods during sign-in.Figure 2: External authentication methods are shown next to the built-in methods during sign-in.

 

To learn more, check out our documentation.

 

What providers will support external authentication methods?

 

At launch, external authentication methods integrations will be available with the following identity providers. Please check with your identity provider to find out more about availability:

 

JMQuade_1-1714486563624.png

 

In addition to the providers that now have integrations in place, external authentication methods is a standards-based open model where any authentication provider that wants to build an integration can do so by following the integration documentation. 

 

We’re super excited for you to be able to start using external authentication methods to help secure your users, and we’re looking forward to your feedback!! 

 

If you want to learn more about these integrations, please visit the Microsoft booth at the RSA Conference next week. There will also be an RSA Conference session hosted by Microsoft Intelligent Security Association (MISA) where Duo will showcase their external authentication methods integration.

  

Register for our webinar on May 15 to learn more about external authentication methods, see demos, and join in the discussion.

 

Learn more about Microsoft Entra  

Prevent identity attacks, ensure least privilege access, unify access controls, and improve the experience for users with comprehensive identity and network access solutions across on-premises and clouds. 

13 Comments
Co-Authors
Version history
Last update:
‎May 02 2024 02:18 PM
Updated by: