MFA using IdP for conditional access M365

Philip Brusten philip.brusten at kuleuven.be
Thu Feb 20 11:22:31 EST 2020


Hi

Has anyone integrated their Shibboleth IdP software with a custom 
control using conditional access on MS Azure AD (requires Premium P1 
license)?

https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/controls#custom-controls-preview

(looks like OpenID connect is also involved ~ DiscoveryURL)

We provide an MFA solution on our IdP and would like to integrate it with 
M365 to avoid our users having to use a 2nd solution with MS Authenticator.

This seems interesting as well, but I'm not sure if this works with SAML 2.0:

https://docs.microsoft.com/en-us/partner-center/partner-security-requirements-mandating-mfa#issue-7-partner-has-implemented-3rd-party-mfa-which-isnt-recognized-by-azure-ad

###
please confirm with the 3rd party MFA solution provider that the MFA 
solution cannot be configured to flow the 
authenticationmethodsreferences claim (with value multipleauthn) to 
Azure AD to indicate that MFA verification has been completed during 
user authentication
###

Is it just a matter of setting the AD FS claim 
"https://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod" 
with value "http://schemas.microsoft.com/claims/multipleauthn" when MFA 
has been performed?

Thx,

Philip
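A quick way to check, before wiring anything into Azure AD, what an IdP actually emits is to inspect the assertion for the multipleauthn value the thread quotes. The script below is an added example, not code from the poster, Shibboleth or Microsoft: it parses a SAML 2.0 assertion with the standard library and reports whether the MFA marker is present. It looks for the value under the AD FS claim type named in the mail and under the authnmethodsreferences claim referred to in the quoted Microsoft text; the sample assertions are constructed for illustration.

```python
"""Check whether a SAML 2.0 assertion carries the 'MFA completed' marker.

The assertions below are constructed samples, not real IdP output.
"""
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
MULTIPLEAUTHN = "http://schemas.microsoft.com/claims/multipleauthn"
# Attribute names the marker may be issued under: the AD FS claim type
# quoted in the mail, and the authnmethodsreferences claim the Microsoft
# doc refers to (assumed here to be the one Azure AD reads).
MFA_CLAIM_NAMES = {
    "https://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod",
    "http://schemas.microsoft.com/claims/authnmethodsreferences",
}


def mfa_claim_values(assertion_xml: str) -> dict:
    """Return {attribute name: [values]} for the MFA-related attributes only."""
    root = ET.fromstring(assertion_xml)
    found = {}
    for attr in root.iter(f"{{{SAML_NS}}}Attribute"):
        name = attr.get("Name")
        if name in MFA_CLAIM_NAMES:
            values = attr.findall(f"{{{SAML_NS}}}AttributeValue")
            found[name] = [(v.text or "").strip() for v in values]
    return found


def mfa_completed(assertion_xml: str) -> bool:
    """True only if some MFA claim carries the multipleauthn value."""
    return any(MULTIPLEAUTHN in vals for vals in mfa_claim_values(assertion_xml).values())


# Constructed sample assertion; issuer and ID are placeholders.
ASSERTION_TEMPLATE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_example" Version="2.0" IssueInstant="2020-02-20T16:22:31Z">
  <saml:Issuer>https://idp.example.edu/idp/shibboleth</saml:Issuer>
  <saml:AttributeStatement>
    <saml:Attribute Name="http://schemas.microsoft.com/claims/authnmethodsreferences">
      {values}
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

PASSWORD_CLASS = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"


def build_assertion(methods) -> str:
    """Build a sample assertion listing the given authentication methods."""
    vals = "".join(f"<saml:AttributeValue>{m}</saml:AttributeValue>" for m in methods)
    return ASSERTION_TEMPLATE.format(values=vals)


PASSWORD_ONLY = build_assertion([PASSWORD_CLASS])            # no MFA marker
WITH_MFA = build_assertion([PASSWORD_CLASS, MULTIPLEAUTHN])  # MFA marker present
```

Run it against an assertion captured from a test login (for example via the browser's SAML tracer) to see whether the value is released before enabling the control in Azure AD.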


