Use TFP as External Authentication Method for Microsoft Entra ID

In this use case, you configure the platform as an external authentication method for Microsoft Entra ID (formerly Azure AD) using OIDC.

Goals

  • Enable your users to use the platform as an external authentication method for MFA purposes.

Prerequisites

Before you start work on this use case, ensure you have these prerequisites:
  • Access to your development environment as an administrator.

  • A test Microsoft Entra ID environment with at least a P1 license.

  • An admin with the Privileged Role Administrator or Global Administrator role in Microsoft Entra ID.

  • A test user in Advanced Identity Cloud to serve as the application owner for the custom OIDC (Microsoft Entra ID) application.

  • A user in Microsoft Entra ID matched to a test user in Advanced Identity Cloud. Specifically, make sure the test user’s frIndexedString1 attribute in Advanced Identity Cloud matches the Object ID attribute of the user in Microsoft Entra ID.

Task 1: Create an application

Create a new OIDC Web App (Human Identities > Applications > OpenID Connect) with the following config:

{
  "client_id": "auto-generated",
  "client_name": "Your External Authentication Method Displayname",
  "redirect_uris": [
    "https://login.microsoftonline.com/common/federation/externalauthprovider"
  ],
  "subject_type": "public",
  "grantType": "implicit",
  "response_type": "id_token",
  "response_mode": "form_post",
  "token_endpoint_auth_method": "none",
  "id_token_signed_response_alg": "RS256",
  "scope": "openid",
  "claims_supported": [
    "email"
  ]
}
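The config above registers Microsoft Entra ID as an implicit-flow, form_post client of the OP. The following added example (not part of this page or of the platform's own code) shows what the OP side has to enforce when Entra ID sends its authorization request: an exact match on the registered redirect_uri, the expected response_type, response_mode and scope, and the lookup of the platform user whose frIndexedString1 equals the Entra Object ID. The client_id, the user directory and the request are constructed; the oid claim name inside the id_token_hint is an assumption.

```python
import base64
import json
from urllib.parse import parse_qs, urlencode

# Registration values from the app config on this page; client_id is a constructed placeholder.
APP = {
    "client_id": "constructed-client-id",
    "redirect_uris": ["https://login.microsoftonline.com/common/federation/externalauthprovider"],
    "response_type": "id_token",
    "response_mode": "form_post",
}
# Constructed test-user directory keyed by frIndexedString1, which the prerequisites
# require to equal the Entra ID Object ID of the matching Entra user.
USERS = {"11111111-2222-3333-4444-555555555555": {"userName": "test.user"}}

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def validate_request(query: str) -> dict:
    """Reject an authorization request that does not match the registered client."""
    params = {k: v[0] for k, v in parse_qs(query, strict_parsing=True).items()}
    for key in ("client_id", "response_type", "response_mode"):
        if params.get(key) != APP[key]:
            raise ValueError(f"unexpected {key}: {params.get(key)!r}")
    # Exact string match only; prefix or wildcard matching of redirect_uri invites open redirects.
    if params.get("redirect_uri") not in APP["redirect_uris"]:
        raise ValueError("redirect_uri is not registered")
    if "openid" not in params.get("scope", "").split():
        raise ValueError("scope must include openid")
    for key in ("nonce", "id_token_hint"):
        if not params.get(key):
            raise ValueError(f"missing {key}")
    return params

def match_user(id_token_hint: str):
    """Map the Entra user to the platform user via the oid claim (assumed claim name)."""
    # Entra ID signs the hint; verify that signature against its published keys before trusting claims.
    claims = json.loads(b64url_decode(id_token_hint.split(".")[1]))
    return USERS.get(claims.get("oid"))

def sample_query(redirect_uri: str = APP["redirect_uris"][0]) -> str:
    # Constructed request shaped like the one Entra ID sends to the OP; the hint is unsigned for offline use.
    header = b64url(json.dumps({"alg": "none"}).encode())
    payload = b64url(json.dumps({"oid": next(iter(USERS))}).encode())
    return urlencode({"client_id": APP["client_id"], "response_type": "id_token",
                      "response_mode": "form_post", "scope": "openid", "nonce": "n-123",
                      "state": "s-456", "redirect_uri": redirect_uri,
                      "id_token_hint": f"{header}.{payload}."})
```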

Task 2: Prepare Microsoft Entra ID

The next task is to prepare Microsoft Entra ID to serve as a Relying Party (RP) and use the created OpenID Provider (OP) as an external authentication method.

Next Steps

  • Enroll users into MFA in the platform
