Authentication Strengths & Conditional Access with Entra EAM
This page covers using Microsoft Entra ID's Authentication Strengths and Conditional Access policies together with Incode EAM. Authentication Strengths define the assurance level required for a given access scenario. Conditional Access policies enforce those requirements based on conditions like user, app, location, or risk. When Incode EAM is configured as a Federated Multifactor method, it can satisfy Authentication Strength requirements directly.
Prerequisites
Ensure you have the following before you begin:
- Microsoft Entra EAM setup complete
- A Microsoft Entra administrator account with permissions to manage Authentication Methods and Conditional Access policies
- A Microsoft Entra ID P1 or P2 subscription
Understand How It Works
Microsoft Entra Authentication Strengths define a set of allowed authentication method combinations at a given assurance level. By creating a custom Authentication Strength that includes Federated Multifactor, which covers external authentication methods like Incode EAM, you can then reference that strength in a Conditional Access policy. When a user triggers that policy, Entra requires them to satisfy the Authentication Strength, routing them to Incode for verification.
Set Up Authentication Strengths and Conditional Access
Create an Authentication Strength
- Log in to your Microsoft Entra Admin Center as an administrator.
- Go to Authentication Methods > Authentication Strengths.
- Click New Authentication Strength.
- Enter a unique name.
- Under Multifactor Authentication, select Federated Multifactor.
- Click Next, then Create.
Create a Conditional Access Policy
- Go to Conditional Access > Policies.
- Click New Policy and enter a unique name.
- Configure the policy:
  - Users: Select the users or groups this policy applies to.
  - Conditions: Define when the policy triggers—by app, location, risk level, etc. See Microsoft's Conditional Access conditions documentation for details.
  - Grant: Select Grant access and then Require Authentication Strength.
    - Select the Authentication Strength created in the previous steps.
- Click Select, then Create.
Test the Integration
- Go to a Microsoft application that meets your configured conditions.
- Sign in with an Entra account in the target group.
- After entering your password, confirm you are redirected to Incode to complete identity verification.
- Complete verification and confirm access is granted.
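Alongside the manual sign-in test, the policy configuration itself can be checked offline. The following is an added example, not Incode or Microsoft code: it audits Conditional Access policies exported from Microsoft Graph (`GET /identity/conditionalAccess/policies`) for settings that would let a sign-in succeed without the Federated Multifactor step. The policy names and sample data are constructed, and the script assumes the export includes `allowedCombinations` inside `grantControls.authenticationStrength`.

```python
import json

# Constructed sample in the shape of Microsoft Graph
# GET /identity/conditionalAccess/policies; names are made up.
SAMPLE = json.loads("""[
 {"displayName": "CA-Incode-Enforced", "state": "enabled",
  "grantControls": {"operator": "AND", "builtInControls": [],
   "authenticationStrength": {"allowedCombinations": ["federatedMultiFactor"]}}},
 {"displayName": "CA-Incode-ReportOnly", "state": "enabledForReportingButNotEnforced",
  "grantControls": {"operator": "AND", "builtInControls": [],
   "authenticationStrength": {"allowedCombinations": ["federatedMultiFactor"]}}},
 {"displayName": "CA-Incode-OrDevice", "state": "enabled",
  "grantControls": {"operator": "OR", "builtInControls": ["compliantDevice"],
   "authenticationStrength": {"allowedCombinations": ["federatedMultiFactor", "fido2"]}}},
 {"displayName": "CA-Legacy-MFA", "state": "enabled",
  "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}}
]""")

EAM_MODE = "federatedMultiFactor"  # Graph value for the Federated Multifactor checkbox


def audit_policy(policy):
    """Return reasons this policy may not force the external (EAM) verification."""
    grant = policy.get("grantControls") or {}
    strength = grant.get("authenticationStrength")
    if not strength:
        return ["no authentication strength in grant controls"]
    findings = []
    combos = strength.get("allowedCombinations") or []
    if EAM_MODE not in combos:
        findings.append("strength does not allow " + EAM_MODE)
    others = sorted(c for c in combos if c != EAM_MODE)
    if others:
        findings.append("strength is also satisfied by: " + ", ".join(others))
    if policy.get("state") != "enabled":
        findings.append("not enforced: state is " + str(policy.get("state")))
    alternatives = grant.get("builtInControls") or []
    if grant.get("operator") == "OR" and alternatives:
        findings.append("OR operator lets " + ", ".join(alternatives) + " replace the strength")
    return findings


def audit(policies):
    """Map each policy name to its findings; an empty list means no issue found."""
    return {p["displayName"]: audit_policy(p) for p in policies}


if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        print(name, "->", findings or "OK")
```

A policy in report-only state, a strength that lists other method combinations, or an OR grant with another control all mean a user in scope may never be routed to Incode.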
