This article is part 7 of a series, for which the following articles are available:
Conditional Access demystified, part 1: Introduction
Conditional Access demystified, part 2: What is Conditional Access?
Conditional Access demystified, part 3: How does Conditional Access work?
Conditional Access demystified, part 4: Designing a Conditional Access strategy
Conditional Access demystified, part 5: Implementing Conditional Access
Conditional Access demystified, part 6: Troubleshooting Conditional Access
Conditional Access demystified, part 8: Resources and further references
When you want to integrate other products into your Conditional Access environment you can use “Custom controls” to include products from other vendors into your Conditional Access conditions. If a custom control is used the browser is redirected to the external service, performs any required authentication or validation activities, and is then redirected back to Azure Active Directory. If the user was successfully authenticated or validated, the user continues in the Conditional Access flow. More information and some samples can be found here: Azure AD + 3rd party MFA = Azure AD Custom Controls – https://blogs.technet.microsoft.com/cbernier/2017/10/16/azure-ad-3rd-party-mfa-azure-ad-custom-controls/. This feature is still in preview but very promising for 3rd party vendors who want to integrate with Conditional Access.
Providers currently offering a compatible service for custom access controls include:
- Duo Security
- Entrust Datacard
- Ping Identity
- Symantec VIP
- Thales (Gemalto)
In the next, and last article of this series I’m going to provide some more information on used resources and further references.