Authentication Strengths & Conditional Access with Entra EAM

This guide covers using Microsoft Entra ID's Authentication Strengths and Conditional Access policies together with Incode EAM. Authentication Strengths define the assurance level required for a given access scenario; Conditional Access policies enforce those requirements based on conditions like user, app, location, or risk. When Incode EAM is configured as a Federated Multifactor method, it can satisfy Authentication Strength requirements directly.

Prerequisites

  • You have completed the Microsoft Entra EAM setup guide
  • A Microsoft Entra administrator account with permissions to manage Authentication Methods and Conditional Access policies
  • A Microsoft Entra ID P1 or P2 subscription

How It Works

Microsoft Entra Authentication Strengths define a set of allowed authentication method combinations at a given assurance level. By creating a custom Authentication Strength that includes Federated Multifactor (which covers external authentication methods like Incode EAM), you can then reference that strength in a Conditional Access policy. When a user triggers that policy, Entra requires them to satisfy the Authentication Strength, routing them to Incode for verification.

Configuration Guide

Step 1: Create an Authentication Strength

  1. Log in to your Microsoft Entra Admin Center as an administrator.
  2. Navigate to Authentication Methods > Authentication Strengths.
  3. Click New Authentication Strength.
  4. Enter a unique name.
  5. Under Multifactor Authentication, select Federated Multifactor.
  6. Click Next, then Create.

Step 2: Create a Conditional Access Policy

  1. Navigate to Conditional Access > Policies.
  2. Click New Policy and enter a unique name.
  3. Configure the policy:
    • Users: Select the users or groups this policy applies to.
    • Conditions: Define when the policy triggers (by app, location, risk level, etc.). See Microsoft's Conditional Access conditions documentation for details.
    • Grant: Select Grant access and then Require Authentication Strength.
    • Select the Authentication Strength created in Step 1.
  4. Click Select, then Create.

Testing

  1. Navigate to a Microsoft application that meets your configured conditions.
  2. Sign in with an Entra account in the target group.
  3. After entering your password, you should be redirected to Incode to complete identity verification.
  4. Complete verification and confirm access is granted.
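
To complement the interactive test, the configuration from Steps 1 and 2 can also be checked offline. The following is an added example, not Incode's or Microsoft's own code: it audits a custom Authentication Strength and a Conditional Access policy for settings that would let a sign-in succeed without reaching the external method. It assumes both objects were exported as JSON in the Microsoft Graph authenticationStrengthPolicy and conditionalAccessPolicy shapes; the sample data, names, and IDs are constructed.

```python
import json

# Constructed sample export (not from a real tenant). Field names follow the
# Microsoft Graph authenticationStrengthPolicy and conditionalAccessPolicy resources.
STRENGTH = json.loads("""{
  "id": "11111111-1111-1111-1111-111111111111",
  "displayName": "Incode EAM only",
  "policyType": "custom",
  "allowedCombinations": ["federatedMultiFactor"]
}""")

POLICY = json.loads("""{
  "displayName": "Require Incode for finance app",
  "state": "enabledForReportingButNotEnforced",
  "conditions": {"users": {"includeGroups": ["22222222-2222-2222-2222-222222222222"]}},
  "grantControls": {
    "operator": "OR",
    "builtInControls": ["compliantDevice"],
    "authenticationStrength": {"id": "11111111-1111-1111-1111-111111111111"}
  }
}""")


def audit(policy, strength):
    """Return reasons the policy may not route users to the external method."""
    findings = []
    if policy.get("state") != "enabled":
        findings.append(f"state is {policy.get('state')!r}: policy is not enforced")
    grant = policy.get("grantControls") or {}
    ref = (grant.get("authenticationStrength") or {}).get("id")
    if ref != strength["id"]:
        findings.append("grant control does not reference the custom strength")
    others = grant.get("builtInControls") or []
    if others and grant.get("operator") == "OR":
        findings.append(f"operator OR lets {others} satisfy the grant instead of the strength")
    combos = set(strength.get("allowedCombinations") or [])
    if "federatedMultiFactor" not in combos:
        findings.append("strength does not allow federatedMultiFactor")
    extra = sorted(combos - {"federatedMultiFactor"})
    if extra:
        findings.append(f"strength also accepts {extra}; it can be satisfied without the external method")
    users = (policy.get("conditions") or {}).get("users") or {}
    if not any(users.get(k) for k in ("includeUsers", "includeGroups", "includeRoles")):
        findings.append("no users, groups or roles are in scope")
    return findings


if __name__ == "__main__":
    for finding in audit(POLICY, STRENGTH):
        print("FINDING:", finding)
```

On the constructed sample this reports two findings: the policy is in report-only state, and the OR operator allows a compliant device to satisfy the grant without the Authentication Strength.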