Configure Entra ID EAM

IDmelon can be integrated to work as an external authentication method in Microsoft Entra ID.

Microsoft Entra ID

In this document, you will set up IDmelon as an external IdP for the Microsoft external authentication method (EAM).

Prerequisites

  • An active Entra ID P1 or P2 subscription including Conditional Access, with the P1/P2 licenses assigned to each user that will log in using IDmelon 2FA.

  • A designated Entra ID admin service account to use for authorizing the IDmelon application access. This account needs the Entra ID Global Administrator or Privileged Role Administrator role during IDmelon setup.

Set Up IDmelon As IDP

  • Log in to the IDmelon panel, navigate to App Integration > 2FA Protection, and click New Application.

  • You will need the values provided in the newly opened window to set up IDmelon as an external IdP.

Create New Application In Azure

  • Log in to the Azure admin panel from here, and click Enterprise applications.

  • From the All applications menu, click New application.

  • Click Create your own application.

  • Provide a name for your application.
  • Select the App you're developing option.
  • Click on Create.

  • Select the Multitenant option.
  • Select the Web platform and paste the Redirect URI provided in the IDmelon panel.
  • Click on Register.

  • Go back to Enterprise Applications and click on your newly created application (you will need its Application ID).

Configure Entra ID To Use IDmelon As External IDP

  • Go to Microsoft Entra ID and, from the left bar, navigate to Manage > Security.

  • In the newly opened window, navigate to Manage > Authentication Methods.

  • Click on Add external method.

  • Provide a name to be displayed on the Microsoft MFA page.
  • Fill in the Client ID field with the value provided by IDmelon.
  • Fill in the Discovery Endpoint field with the value provided by IDmelon.
  • Fill in the App ID field with your Entra ID application ID.
  • Provide admin consent.
  • Click the Enable button.
  • Click on Save.

Note: If the Request admin consent information shows a Request permission button instead of saying Admin consent granted, click the Request permission button to authorize the IDmelon External Authentication Method application, making sure to check the box next to Consent on behalf of your organization before clicking Accept.

Create And Apply IDmelon Conditional Access Policy

  • Return to Enterprise Applications and click on your newly created application.
  • Navigate to Security > Conditional Access.

  • Click on New Policy.

  • Provide a name for the policy.
  • Click on Users and apply this policy to the desired users.

  • Click on Target resources and apply this policy to the desired resources.

  • Click on Grant.
  • Select Grant access.
  • Check the Require multifactor authentication box.
  • Click on Select.

  • Enable the policy.
  • Click on Create.

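The external method and Conditional Access settings above, expressed as Microsoft Graph request bodies with a pre-flight check on the three values entered under Add external method. This is an added example, not part of the IDmelon documentation. It assumes the Graph beta externalAuthenticationMethodConfiguration resource and the conditionalAccess policies endpoint; the function names, the sample identifiers and the example.com URL are constructed placeholders, and the Discovery Endpoint checks follow the OpenID Connect discovery URL convention.

```python
import re
from urllib.parse import urlsplit

GUID = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")
SUFFIX = "/.well-known/openid-configuration"

def check_eam_inputs(client_id, discovery_url, app_id):
    """List problems with the three values entered under 'Add external method'."""
    problems = []
    url = urlsplit(discovery_url)
    if url.scheme != "https" or not url.hostname:
        problems.append("Discovery Endpoint must be an https URL")
    if not url.path.endswith(SUFFIX) or url.query or url.fragment:
        problems.append("Discovery Endpoint must end with " + SUFFIX)
    if not client_id or client_id != client_id.strip():
        problems.append("Client ID is empty or has stray whitespace")
    if not GUID.fullmatch(app_id):
        problems.append("App ID must be the Entra application ID (a GUID)")
    return problems

def eam_method_body(display_name, client_id, discovery_url, app_id):
    """Body for POST /beta/policies/authenticationMethodsPolicy/authenticationMethodConfigurations."""
    problems = check_eam_inputs(client_id, discovery_url, app_id)
    if problems:
        raise ValueError("; ".join(problems))
    return {
        "@odata.type": "#microsoft.graph.externalAuthenticationMethodConfiguration",
        "displayName": display_name,
        "state": "enabled",
        "appId": app_id,
        "openIdConnectSetting": {"clientId": client_id, "discoveryUrl": discovery_url},
    }

def mfa_policy_body(name, group_ids, app_ids, report_only=False):
    """Body for POST /v1.0/identity/conditionalAccess/policies (Grant > Require MFA)."""
    return {
        "displayName": name,
        "state": "enabledForReportingButNotEnforced" if report_only else "enabled",
        "conditions": {
            "clientAppTypes": ["all"],
            "users": {"includeGroups": list(group_ids)},
            "applications": {"includeApplications": list(app_ids)},
        },
        "grantControls": {"operator": "OR", "builtInControls": ["mfa"]},
    }

# Constructed placeholder values, not real tenant or IDmelon identifiers.
SAMPLE = ("idmelon-client-id-placeholder",
          "https://idp.example.com/.well-known/openid-configuration",
          "11111111-2222-3333-4444-555555555555")
```

Passing report_only=True creates the policy in report-only state, which lets you review sign-in results for the targeted users before enforcing it.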