Third-party authentication coming to Microsoft Entra ID in public preview
In an effort to bolster security measures for user identities, Microsoft Entra ID (formerly known as Azure Active Directory) is set to unveil the public preview of external authentication methods in the first half of May. This upcoming feature is designed to enable users to integrate their preferred multifactor authentication (MFA) solutions with Entra ID, marking a significant stride in enhancing identity protection.
The importance of deploying MFA is evident: according to research conducted by Microsoft, it reduces the risk of compromise by over 99.2 percent. Recognizing the varying needs of organizations already utilizing MFA solutions, the introduction of external authentication methods aims to facilitate the seamless integration of these existing systems with Entra ID, thereby streamlining security protocols.
Digital identity providers supporting the use of external authentication by Entra include Cisco Duo, Entrust, Hypr, Ping Identity, RSA, Silverfort, Symantec, Thales and TrustBuilder.
External authentication methods serve as the successor to custom controls, offering several advantages over the previous approach. These benefits include integration with industry standards, ensuring compatibility and adherence to established norms, as well as management consistency with Entra methods, simplifying administrative processes.
In a recent blog post, Greg Kinasewitz, product manager for Microsoft Entra ID, expresses enthusiasm for the new capability, emphasizing its relevance for users seeking to leverage alternative MFA solutions alongside Entra ID’s robust functionalities, including Conditional Access and Identity Protection features.
According to Microsoft, customers utilizing Active Directory Federation Services (AD FS) in tandem with other MFA solutions have voiced their desire for this functionality to facilitate a seamless transition from AD FS to Entra ID.
External authentication methods can be employed to fulfill MFA requirements specified in Conditional Access Policies, Privileged Identity Management role activations, Identity Protection risk-based policies, and Microsoft Intune device registrations. They are managed within the Entra ID authentication methods policy, ensuring uniformity in administration and user experience.
Last year, Microsoft announced that customers of Microsoft Entra would be automatically enrolled into Microsoft Entra Conditional Access.
Identity provider partner companies typically focus on providing identity and access management (IAM) solutions, assisting businesses in managing user identities, securing access to resources, and enabling single sign-on (SSO) functionalities.
Prominent identity providers in this space include Okta, OneLogin, Google Workspace/Cloud Identity, and ForgeRock.