Integrating Oloid as an EAM with Microsoft Entra ID
Updated over 2 weeks ago

Introduction

This document provides a step-by-step guide to configure Oloid EAM (External Authentication Method) within Microsoft Entra ID. The integration enables seamless authentication by combining Oloid's passwordless authentication capabilities with Microsoft Entra ID's robust identity management.

By following the outlined configuration process, you can set up Oloid as an external MFA provider for secure and efficient user access to enterprise applications.

Key highlights of this document include:

  • Obtaining Essential Oloid Tenant Details: Client ID, OpenID Configuration, and Authorization Endpoints.

  • Configuring Microsoft Entra ID: Setting up application registration, external authentication methods, and conditional access policies.

  • Testing Integration: Verifying authentication flows for users accessing applications such as ServiceNow.

This setup enhances security while improving user experience by integrating Oloid's passwordless authentication into Azure AD's existing infrastructure.

Follow the steps meticulously to ensure a smooth and successful configuration.

Step 1: Obtain Oloid Tenant Configuration

To configure Oloid as an External Authentication Method in Microsoft Entra ID, gather the following details from your Oloid tenant:

Step 2: Register an Application in Microsoft Entra ID

  1. Log in to the Microsoft Entra ID Portal with an account that has Global Administrator permissions or sufficient access to create applications.

  2. Navigate to Microsoft Entra ID > App Registrations > New Registration.

  3. Provide the following details:

    • Name: As per your requirements, e.g., oloid-eam or mfa-oloid-eam.

    • Redirect URI: Use the Authorization Endpoint from Step 1.

  4. After registration, note down the Application ID of the newly created application. Example Application ID: 978733fb-ddc2-463a-8f21-1b003a399f3d

Step 3: Configure External Authentication Method in Microsoft Entra ID

  1. Navigate to Default Directory > Security > Manage > Authentication Methods

  2. Click on +Add External Method (Preview).

  3. Provide the following properties:

    • Name: Display name for MFA (cannot be changed later).

    • Client ID: Oloid Client ID obtained in Step 1.

    • Discovery Endpoint: Oloid OIDC Endpoint from Step 1.

    • App ID: Azure Application ID from Step 2.

  4. Click on Request Permission and accept the required permissions.

  5. Click Save and enable the configuration.
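Before entering the Step 1 values in Steps 2 and 3, it helps to confirm they agree with each other. The following is an added example, not Oloid's or Microsoft's code: it checks a saved copy of the OpenID configuration document against the discovery URL and the redirect URI. The function name, the host oloid-tenant.example and the sample metadata are constructed for illustration.

```python
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"

def check_eam_inputs(discovery_url, metadata, redirect_uri):
    """Return the problems found in the Step 1 values (empty list = consistent)."""
    problems = []
    url = urlsplit(discovery_url)
    well_formed = url.path.endswith(WELL_KNOWN) and not url.query and not url.fragment
    if url.scheme != "https":
        problems.append("discovery URL is not https")
    if not well_formed:
        problems.append("discovery URL is not issuer + " + WELL_KNOWN)
    # OIDC Discovery: the issuer in the document must be the URL the well-known
    # path was appended to; a mismatch means the metadata describes another issuer.
    expected = f"{url.scheme}://{url.netloc}{url.path[:-len(WELL_KNOWN)]}"
    issuer = str(metadata.get("issuer", ""))
    if not well_formed or issuer.rstrip("/") != expected.rstrip("/"):
        problems.append("issuer does not match discovery URL")
    # Endpoints Entra ID will redirect to or fetch keys from must be HTTPS.
    for key in ("authorization_endpoint", "jwks_uri"):
        if urlsplit(str(metadata.get(key, ""))).scheme != "https":
            problems.append(f"{key} missing or not https")
    # Step 2 registers the Oloid authorization endpoint as the redirect URI.
    if metadata.get("authorization_endpoint") != redirect_uri:
        problems.append("redirect URI differs from authorization_endpoint")
    return problems

# Constructed sample values (placeholder host, not a real Oloid tenant).
DISCOVERY_URL = "https://oloid-tenant.example/oidc/.well-known/openid-configuration"
GOOD_METADATA = {
    "issuer": "https://oloid-tenant.example/oidc",
    "authorization_endpoint": "https://oloid-tenant.example/oidc/authorize",
    "jwks_uri": "https://oloid-tenant.example/oidc/jwks",
}
# Same document with an issuer on another host and a plaintext key URL.
BAD_METADATA = dict(GOOD_METADATA,
                    issuer="https://login.other.example/oidc",
                    jwks_uri="http://oloid-tenant.example/oidc/jwks")

if __name__ == "__main__":
    redirect = GOOD_METADATA["authorization_endpoint"]
    for name, meta in (("good", GOOD_METADATA), ("bad", BAD_METADATA)):
        print(name, check_eam_inputs(DISCOVERY_URL, meta, redirect))
```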

Step 4: Provide Microsoft Entra ID Information to Oloid

Share the following details of your Microsoft Entra ID tenant with Oloid for final configuration:

  • Tenant ID: Obtain from Microsoft Entra ID.

  • Application ID: 978733fb-ddc2-463a-8f21-1b003a399f3d (Step 2).

  • OIDC Endpoint: Found under Azure App Endpoints section.

The Tenant ID can be obtained from the following screen:

Instructions to Obtain Endpoints:

  1. Navigate to App Registrations > Select the registered application > Endpoints.

  2. Navigate to the application created in Step 2.

  3. Click on Token Configuration.

  4. Click on + Add optional claim.

  5. Under ID Token, add the following claims:

    • email

    • upn

  6. Click Add to save the configuration.

Step 5: Apply Conditional Access Policies

  1. Navigate to Default Directory > Security > Protect > Conditional Access

  2. Click on Policy Snapshot.

  3. Click on +New Policy.

  4. Apply the policy to a group of users, e.g., snow-users.

  5. Under Resources, select an application, e.g., ServiceNow.

  6. In the Grant section, select Grant Access with MFA.

  7. Select Require one of the selected controls.

  8. Enable and Save the policy.

Step 6: Test the Integration

Test the integration using an application managed by Microsoft Entra ID, e.g., ServiceNow.

  1. Open the ServiceNow application URL: https://<<servicenow_tenant>>.service-now.com

  2. Log in with a user account that meets the following criteria:

    • Belongs to the snow-users group.

    • Has access to the ServiceNow application.

  3. After entering the password, the user will be prompted for Oloid EAM.


  4. Authenticate using Oloid MFA (ensure the user’s Oloid account has the same email as the Microsoft Entra ID UPN).

  5. Upon successful authentication, the user will be logged into ServiceNow.
