Introduction
This document provides a step-by-step guide to configure Oloid EAM (External Authentication Method) within Microsoft Entra ID. The integration enables seamless authentication by combining Oloid's passwordless authentication capabilities with Microsoft Entra ID's robust identity management.
By following the outlined configuration process, you can set up Oloid as an external MFA provider for secure and efficient user access to enterprise applications.
Key highlights of this document include:
Obtaining Essential Oloid Tenant Details: Client ID, OpenID Configuration, and Authorization Endpoints.
Configuring Microsoft Entra ID: Setting up application registration, external authentication methods, and conditional access policies.
Testing Integration: Verifying authentication flows for users accessing applications such as ServiceNow.
This setup enhances security while improving user experience by integrating Oloid's passwordless authentication into the existing Microsoft Entra ID (formerly Azure AD) infrastructure.
Follow the steps meticulously to ensure a smooth and successful configuration.
Step 1: Obtain Oloid Tenant Configuration
To configure Oloid as an External Authentication Method in Microsoft Entra ID, gather the following details from your Oloid tenant:
Configuration Detail | Value |
Client ID | <<################################>> |
OIDC Endpoint | <<from your Oloid tenant>> |
Authorization Endpoint | <<from your Oloid tenant>> |
Step 2: Register an Application in Microsoft Entra ID
1. Log in to the Microsoft Entra ID Portal with an account that has Global Administrator permissions or sufficient access to create applications.
2. Navigate to Microsoft Entra ID > App Registrations > New Registration.
3. Provide the following details:
Name: As per your requirements, e.g., oloid-eam or mfa-oloid-eam.
Redirect URI: Use the Authorization Endpoint from Step 1.
4. After registration, note down the Application ID of the newly created application.
Example Application ID: 978733fb-ddc2-463a-8f21-1b003a399f3d
Step 3: Configure External Authentication Method in Microsoft Entra ID
1. Navigate to Default Directory > Security > Manage > Authentication Methods.
2. Click on +Add External Method (Preview).
3. Provide the following properties:
Property | Value |
Name | Display name for MFA (cannot be changed later). |
Client ID | Oloid Client ID obtained in Step 1. |
Discovery Endpoint | Oloid OIDC Endpoint from Step 1. |
App ID | Azure Application ID from Step 2. |
4. Click on Request Permission and accept the required permissions.
5. Click Save and enable the configuration.
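Before typing the Step 1 values into the external method (Step 3) and the app registration (Step 2), it is worth checking that the OIDC Endpoint actually serves a discovery document whose endpoints are consistent with each other. The following script is an added example, not Oloid's or Microsoft's tooling; the discovery document it contains is constructed, and the host idp.example-oloid-tenant.invalid is a placeholder rather than a real Oloid endpoint. It assumes the usual OpenID Connect discovery field names and that Entra ID redirects the user to authorization_endpoint and verifies the returned id_token against jwks_uri.

```python
"""Sanity-check an OpenID Connect discovery document before entering its
values into Microsoft Entra ID (Steps 1 to 3).

Added example, not part of Oloid's or Microsoft's tooling.  SAMPLE_DISCOVERY
is CONSTRUCTED for illustration; the host idp.example-oloid-tenant.invalid is
a placeholder, not a real Oloid endpoint.
"""
import json
import urllib.request
from urllib.parse import urlparse

# Constructed sample of what GET <OIDC Endpoint> returns.  A real tenant's
# document is fetched with fetch_discovery() below.
SAMPLE_DISCOVERY = {
    "issuer": "https://idp.example-oloid-tenant.invalid",
    "authorization_endpoint": "https://idp.example-oloid-tenant.invalid/oauth2/authorize",
    "token_endpoint": "https://idp.example-oloid-tenant.invalid/oauth2/token",
    "jwks_uri": "https://idp.example-oloid-tenant.invalid/.well-known/jwks.json",
    "response_types_supported": ["id_token"],
    "id_token_signing_alg_values_supported": ["RS256"],
}

# Fields the external-method flow depends on: the user is redirected to
# authorization_endpoint and the returned id_token is checked against jwks_uri.
REQUIRED = ("issuer", "authorization_endpoint", "jwks_uri")


def fetch_discovery(oidc_endpoint: str, timeout: int = 10) -> dict:
    """Download the discovery document from the OIDC Endpoint of Step 1."""
    with urllib.request.urlopen(oidc_endpoint, timeout=timeout) as resp:
        return json.load(resp)


def validate_discovery(doc: dict) -> dict:
    """Return the values needed for Steps 2 and 3, or raise ValueError.

    Checks: required fields present, every endpoint is https, all endpoints
    live on the issuer's host, id_token responses are supported, and the
    unsigned "none" algorithm is not advertised for id_tokens.
    """
    missing = [k for k in REQUIRED if k not in doc]
    if missing:
        raise ValueError(f"discovery document lacks {missing}")

    issuer = urlparse(doc["issuer"])
    if issuer.scheme != "https":
        raise ValueError("issuer must be https")

    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        url = doc.get(key)
        if url is None:
            continue
        parsed = urlparse(url)
        if parsed.scheme != "https":
            raise ValueError(f"{key} must be https: {url}")
        if parsed.netloc != issuer.netloc:
            # An endpoint on another host points to a mistyped or tampered document.
            raise ValueError(f"{key} host {parsed.netloc} differs from issuer host {issuer.netloc}")

    if "id_token" not in doc.get("response_types_supported", []):
        raise ValueError("provider does not advertise response_type=id_token")
    if "none" in doc.get("id_token_signing_alg_values_supported", []):
        raise ValueError("provider advertises unsigned id_tokens")

    return {
        "issuer": doc["issuer"],
        # Step 2: the Redirect URI of the app registration is this endpoint.
        "redirect_uri": doc["authorization_endpoint"],
        "jwks_uri": doc["jwks_uri"],
    }


if __name__ == "__main__":
    # For a real tenant: validate_discovery(fetch_discovery("<OIDC Endpoint>"))
    print(json.dumps(validate_discovery(SAMPLE_DISCOVERY), indent=2))
```

The returned redirect_uri is the value to paste into the Redirect URI field in Step 2, and the issuer is what the Discovery Endpoint in Step 3 must resolve to; a ValueError here means the values from Step 1 should be rechecked with Oloid before continuing.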
Step 4: Provide Microsoft Entra ID Information to Oloid
Share the following details of your Microsoft Entra ID tenant with Oloid for final configuration:
Configuration Detail | Value |
Tenant ID | Obtain from Microsoft Entra ID. |
Application ID | 978733fb-ddc2-463a-8f21-1b003a399f3d (Step 2). |
OIDC Endpoint | Found under Azure App Endpoints section. |
The Tenant ID is shown on the Overview page of Microsoft Entra ID.
Instructions to Obtain Endpoints:
1. Navigate to App Registrations > Select the registered application > Endpoints.
Instructions to Add Optional Claims to the ID Token:
1. Navigate to the application created in Step 2.
2. Click on Token Configuration.
3. Click on + Add optional claim.
4. Under ID Token, add the following claims:
email
upn
5. Click Add to save the configuration.
Step 5: Apply Conditional Access Policies
1. Navigate to Default Directory > Security > Protect > Conditional Access.
2. Click on Policy Snapshot.
3. Click on +New Policy.
4. Apply the policy to a group of users, e.g. snow-users.
5. Under Resources, select an application, e.g. ServiceNow.
6. In the Grant section, select Grant access and check Require multifactor authentication.
7. Select Require one of the selected controls.
8. Enable and Save the policy.
Step 6: Test the Integration
Test the integration using an application managed by Microsoft Entra ID, e.g. ServiceNow.
1. Open the ServiceNow application URL: https://<<servicenow_tenant>>.service-now.com
2. Log in with a user account that meets the following criteria:
Belongs to the snow-users group.
Has access to the ServiceNow application.
3. After entering the password, the user will be prompted for Oloid EAM.
4. Authenticate using Oloid MFA (ensure the user's Oloid account has the same email as the Microsoft Entra ID UPN).
5. Upon successful authentication, the user will be logged into ServiceNow.
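The two conditions this test depends on are the optional claims added in Step 4 (email and upn must be present in the ID token) and the Step 6 requirement that the Oloid account email equals the Entra ID UPN. The script below is an added example, not Oloid's or Microsoft's code, showing the checks a provider-side verifier applies to the token before accepting the user. The token is constructed and signed with a shared HMAC key so that the example runs offline; a real token from Entra ID is RS256-signed and must be verified against the tenant's JWKS (the OIDC Endpoint shared in Step 4 leads to it). The tenant ID is a placeholder, the Application ID is the example value from Step 2, and the user alice@example.com is constructed.

```python
"""Check that an Entra ID token carries the optional claims added in Step 4
(email and upn) and that they match the Oloid account used in Step 6.

Added example, not Oloid's or Microsoft's code.  The token is CONSTRUCTED
and signed with a shared HMAC key so the example runs offline; a real token
from Entra ID is RS256-signed and must be verified against the tenant's JWKS.
TENANT_ID is a placeholder; APP_ID is the example Application ID from Step 2.
"""
import base64
import hashlib
import hmac
import json
import time

TENANT_ID = "00000000-0000-0000-0000-000000000000"  # placeholder, not a real tenant
APP_ID = "978733fb-ddc2-463a-8f21-1b003a399f3d"     # Application ID from Step 2
DEMO_KEY = b"offline-demo-key-not-for-production"  # stand-in for Entra's RS256 keys
ISSUER = f"https://login.microsoftonline.com/{TENANT_ID}/v2.0"


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_demo_token(claims: dict) -> str:
    """Build an HS256 JWT (demo only) shaped like an Entra ID token."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(claims).encode())
    sig = hmac.new(DEMO_KEY, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url(sig)}"


def verify_token_claims(token: str, oloid_email: str, now=None) -> dict:
    """Verify signature, issuer, audience and expiry, then the Step 4 claims.

    Returns the accepted claims, or raises ValueError naming the reason, which
    is what to look for when the Step 6 test stops at the Oloid prompt.
    """
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("token is not a three-part JWT")
    header_b64, body_b64, sig_b64 = parts

    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != "HS256":  # demo only: production expects RS256
        raise ValueError(f"unexpected alg {header.get('alg')!r}")
    expected = hmac.new(DEMO_KEY, f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("signature check failed")

    claims = json.loads(_b64url_decode(body_b64))
    if claims.get("iss") != ISSUER:
        raise ValueError(f"issuer {claims.get('iss')!r} is not this tenant")
    if claims.get("aud") != APP_ID:
        raise ValueError("audience is not the Step 2 application")
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")

    # Step 4: both optional claims must have been added under Token Configuration.
    for name in ("email", "upn"):
        if not claims.get(name):
            raise ValueError(f"claim {name!r} missing: add it under Token Configuration")

    # Step 6: the Oloid account email must equal the Entra UPN (case-insensitive).
    if claims["upn"].casefold() != oloid_email.casefold():
        raise ValueError(f"upn {claims['upn']!r} does not match Oloid account {oloid_email!r}")
    return {"email": claims["email"], "upn": claims["upn"]}


def demo_claims(**overrides) -> dict:
    """Constructed claim set resembling what Entra ID issues after Step 4."""
    claims = {
        "iss": ISSUER,
        "aud": APP_ID,
        "exp": int(time.time()) + 300,
        "email": "alice@example.com",
        "upn": "alice@example.com",
    }
    claims.update(overrides)
    return claims


if __name__ == "__main__":
    print(verify_token_claims(make_demo_token(demo_claims()), "Alice@Example.com"))
```

Run as is, the script accepts the constructed token because email and upn are present and the UPN matches the Oloid account regardless of letter case; removing the upn claim reproduces the failure seen when Step 4 was skipped, and a different Oloid email reproduces the mismatch warned about in Step 6.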