Intelligent Enforcement of Multifactor Authentication with Azure Conditional Access and Acumatica


Today we are going to analyze some of the capabilities of Azure working together with Acumatica to provide a useful and secure way to log into Acumatica.

Azure Active Directory (Azure AD) can be used as your identity provider for single sign-on into Acumatica. Beyond that, we're going to take a look at some of the capabilities of Conditional Access, a feature of Azure Active Directory Premium P1.

Conditional Access lets you enforce specific rules for authentication based on a number of criteria. This tool allows you to determine whether a login should be allowed, denied, or prompted for two-factor authentication depending on the risk level of the sign-in request.

Conditional Access policies can apply to specific application registrations within Azure. You can selectively enforce MFA for a specific application, for specific users, in specific scenarios.

Once you have set up your AAD integrated login per the steps here, open your Azure Portal.

Open Azure Active Directory – Security – Conditional Access.

  • Create a new policy, assign users or groups
  • Associate the Acumatica app registration
  • Exempt logins from trusted devices, locations, etc. if desired
  • Prompt for MFA
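The four portal steps above correspond to the fields of a Microsoft Graph `conditionalAccessPolicy` object. The following is an added example, not code from the original article: it builds that policy body and then audits it for conditions under which a sign-in to Acumatica would pass without an MFA prompt. The IDs, the display name, the function names and the report-only default state are assumptions made for illustration.

```python
import json

# Constructed placeholders, not values from the article.
ACUMATICA_APP_ID = "00000000-0000-0000-0000-000000000001"  # app registration (client) ID
ERP_USERS_GROUP = "00000000-0000-0000-0000-000000000002"   # Azure AD group object ID

def build_policy(app_id, group_id, exempt_trusted=True,
                 state="enabledForReportingButNotEnforced"):
    """Return a Graph conditionalAccessPolicy body mirroring the portal steps."""
    conditions = {
        "clientAppTypes": ["all"],
        "users": {"includeGroups": [group_id]},             # step 1: users or groups
        "applications": {"includeApplications": [app_id]},  # step 2: Acumatica app
    }
    if exempt_trusted:                                      # step 3: optional exemption
        conditions["locations"] = {"includeLocations": ["All"],
                                   "excludeLocations": ["AllTrusted"]}
    return {
        "displayName": "Require MFA for Acumatica",         # hypothetical name
        "state": state,                                     # report-only by default
        "conditions": conditions,
        "grantControls": {"operator": "OR", "builtInControls": ["mfa"]},  # step 4
    }

def audit_policy(policy, app_id):
    """List reasons a sign-in to app_id could pass without an MFA prompt."""
    findings = []
    cond = policy.get("conditions", {})
    apps = cond.get("applications", {})
    included = apps.get("includeApplications", [])
    if app_id not in included and "All" not in included:
        findings.append("app not targeted")
    if app_id in apps.get("excludeApplications", []):
        findings.append("app explicitly excluded")
    if policy.get("state") != "enabled":
        findings.append("policy not enforced (state=%s)" % policy.get("state"))
    grant = policy.get("grantControls") or {}
    controls = grant.get("builtInControls", [])
    if "mfa" not in controls:
        findings.append("MFA not among grant controls")
    elif grant.get("operator") == "OR" and len(controls) > 1:
        findings.append("MFA is optional: another control satisfies OR")
    if cond["users"].get("excludeUsers") or cond["users"].get("excludeGroups"):
        findings.append("user or group exclusions present")
    if (cond.get("locations") or {}).get("excludeLocations"):
        findings.append("location exclusions bypass MFA")
    return findings

if __name__ == "__main__":
    policy = build_policy(ACUMATICA_APP_ID, ERP_USERS_GROUP)
    print(json.dumps(policy, indent=2))
    print(audit_policy(policy, ACUMATICA_APP_ID))
```

The same audit function can be run over policies exported from an existing tenant to review which exclusions are in effect before relying on the MFA prompt.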

Conditional Access requires an Azure AD Premium P1 SKU assigned to the user, which is included with Microsoft 365 E3 and E5 and the EMS SKUs or can be purchased à la carte.

Depending on the option you have configured for your Azure AD account, the two-factor authentication challenge could come as a text message or push notification to the Microsoft Authenticator app on your phone. Azure takes care of the validation, then passes a token to Acumatica, allowing you to log in.

Using Azure authentication, you have a unified login history available in the Azure portal, by user or by app registration.

How are you purchasing your Office 365 licensing currently?  If you are purchasing directly from Microsoft, you are not getting the full value of your investment.  Crestwood is a gold certified cloud partner with Microsoft and we provide licensing and guidance for the full Office 365 product suite. Contact us today for more information.