Introduction
This document provides a step-by-step guide to configure Oloid EAM (External Authentication Method) within Azure Active Directory (Azure AD). The integration enables seamless authentication by combining Oloid's passwordless authentication capabilities with Azure AD's robust identity management.
By following the outlined configuration process, you can set up Oloid as an external MFA provider for secure and efficient user access to enterprise applications.
Key highlights of this document include:
Obtaining Essential Oloid Tenant Details:
Client ID, OpenID Configuration, and Authorization Endpoints.
Configuring Azure AD:
Setting up application registration, external authentication methods, and conditional access policies.
Testing Integration:
Verifying authentication flows for users accessing applications such as ServiceNow.
This setup enhances security while improving user experience by integrating Oloid's passwordless authentication into Azure AD's existing infrastructure.
Follow the steps meticulously to ensure a smooth and successful configuration.
Step 1: Obtain Oloid Tenant Configuration
To configure Oloid as an External Authentication Method in Azure AD, gather the following details from your Oloid tenant:
Configuration Detail | Value |
Client ID | <<################################>> |
OIDC Endpoint | |
Authorization Endpoint | |
Step 2: Register an Application in Azure AD
1. Log in to the Azure AD Portal with an account that has Global Administrator permissions or sufficient access to create applications.
2. Navigate to Azure AD > App Registrations > New Registration.
3. Provide the following details:
Name: As per your requirements, e.g., oloid-eam or mfa-oloid-eam.
Redirect URI: Use the Authorization Endpoint from Step 1.
4. After registration, note down the Application ID of the newly created application. Example Application ID: 978733fb-ddc2-463a-8f21-1b003a399f3d
Step 3: Configure External Authentication Method in Azure AD
1. Navigate to Default Directory > Security > Manage > Authentication Methods.
2. Click on +Add External Method (Preview).
3. Provide the following properties:
Property | Value |
Name | Display name for MFA (cannot be changed later). |
Client ID | Oloid Client ID obtained in Step 1. |
Discovery Endpoint | Oloid OIDC Endpoint from Step 1. |
App ID | Azure Application ID from Step 2. |
4. Click on Request Permission and accept the required permissions.
5. Click Save and enable the configuration.
Step 4: Provide Azure AD Information to Oloid
Share the following details of your Azure AD tenant with Oloid for final configuration:
Configuration Detail | Value |
Tenant ID | Obtain from Azure AD. |
Application ID | 978733fb-ddc2-463a-8f21-1b003a399f3d (Step 2). |
OIDC Endpoint | Found under Azure App Endpoints section. |
The Tenant ID is shown on the Azure AD Overview page.
Instructions to Obtain Endpoints and Configure Token Claims:
1. Navigate to App Registrations > Select the registered application > Endpoints.
2. Navigate to the application created in Step 2.
3. Click on Token Configuration.
4. Click on + Add optional claim.
5. Under ID Token, add the following claims:
email
upn
6. Click Add to save the configuration.
Step 5: Apply Conditional Access Policies
1. Navigate to Default Directory > Security > Protect > Conditional Access.
2. Click on Policy Snapshot.
3. Click on +New Policy.
4. Apply the policy to a group of users, e.g. snow-users.
5. On Resources, select an application, e.g. ServiceNow.
6. On the Grant section, select Grant Access with MFA.
7. Select Require one of the selected controls.
8. Enable and Save the policy.
Step 6: Test the Integration
Test the integration using an application managed by Azure AD, e.g. ServiceNow.
1. Open the ServiceNow application URL: https://<<servicenow_tenant>>.service-now.com
2. Log in with a user account that meets the following criteria:
Belongs to the snow-users group.
Has access to the ServiceNow application.
3. After entering the password, the user will be prompted for Oloid EAM.
4. Authenticate using Oloid MFA (ensure the user's Oloid account has the same email as the Azure AD UPN).
5. Upon successful authentication, the user will be logged into ServiceNow.
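The following pre-flight check is an added example, not Oloid's or Microsoft's code, for catching the most common misconfigurations in Steps 1 to 4 and Step 6 before testing: the Oloid discovery document must expose https endpoints, the Azure redirect URI must equal the Oloid Authorization Endpoint, the ID token must carry the email and upn optional claims, and the Oloid account email must match the Azure AD UPN. All domains, URLs and claim values below are constructed placeholders.

```python
# Added pre-flight check for the Oloid EAM setup (not Oloid's or Microsoft's code).
import json
from urllib.parse import urlparse

REQUIRED_KEYS = ("issuer", "authorization_endpoint", "jwks_uri")

def check_discovery(doc: dict, registered_redirect_uri: str) -> list:
    """Validate the Oloid OIDC discovery document (Step 1 / Step 3) against
    the Redirect URI registered on the Azure application (Step 2)."""
    problems = []
    for key in REQUIRED_KEYS:
        url = doc.get(key)
        if url is None:
            problems.append(f"discovery document lacks '{key}'")
        elif urlparse(url).scheme != "https":
            problems.append(f"'{key}' must use https: {url}")
    auth = doc.get("authorization_endpoint")
    if auth is not None and auth != registered_redirect_uri:
        problems.append("Azure redirect URI does not match authorization_endpoint")
    # Azure's external-method flow requests response_type=id_token from the provider.
    if "id_token" not in doc.get("response_types_supported", []):
        problems.append("provider does not advertise response_type id_token")
    return problems

def check_id_token_hint(claims: dict, oloid_email: str) -> list:
    """Step 4 adds 'email' and 'upn' to the ID token; Step 6 requires the
    Oloid account email to equal the Azure AD UPN."""
    problems = [f"id_token_hint lacks optional claim '{c}'"
                for c in ("email", "upn") if c not in claims]
    upn = claims.get("upn")
    if upn is not None and upn.casefold() != oloid_email.casefold():
        problems.append(f"UPN {upn} does not match Oloid account email {oloid_email}")
    return problems

# Constructed sample inputs (placeholder domains, not real tenant values).
SAMPLE_DISCOVERY = json.loads("""{
  "issuer": "https://eam.oloid.example",
  "authorization_endpoint": "https://eam.oloid.example/oidc/authorize",
  "jwks_uri": "https://eam.oloid.example/oidc/jwks",
  "response_types_supported": ["id_token"]
}""")
SAMPLE_CLAIMS = {"email": "alice@contoso.example", "upn": "alice@contoso.example"}

def run_preflight(doc=SAMPLE_DISCOVERY,
                  redirect_uri=SAMPLE_DISCOVERY["authorization_endpoint"],
                  claims=SAMPLE_CLAIMS, oloid_email="alice@contoso.example") -> list:
    """Return all problems found; an empty list means the checks passed."""
    return check_discovery(doc, redirect_uri) + check_id_token_hint(claims, oloid_email)

if __name__ == "__main__":
    print(run_preflight() or "pre-flight checks passed")
```

To run it against a live tenant, replace SAMPLE_DISCOVERY with the JSON fetched from the Oloid OIDC Endpoint and SAMPLE_CLAIMS with the decoded claims of a test user's ID token.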