OpenOTP Natively Integrates with Entra ID EAM

Managing identities and securing access are becoming increasingly complex as businesses transition to cloud-based services and hybrid work models. With its latest integration, OpenOTP now works seamlessly with Microsoft Entra ID (formerly Azure AD), providing advanced strong authentication services that can fully replace Entra ID’s built-in MFA system. Whether it’s for securing Azure accounts, Microsoft 365, or any Azure-integrated product, OpenOTP is ready to fortify your authentication processes.

This post details how RCDevs solutions extend Entra ID’s functionality across key areas to support secure access for both internal and external users.


A New Level of Authentication for Microsoft Entra ID

RCDevs’ OpenOTP and Identity Provider (IdP) now fully integrate with Entra ID, providing a robust layer of security to your authentication processes. By leveraging this integration, organizations gain:

  • Advanced Authentication Features: Deploy adaptive multi-factor authentication (MFA) that adjusts based on user roles and access contexts, providing flexibility and increased security.
  • Cost-Effective Security: OpenOTP offers a more affordable and feature-rich alternative to Entra ID’s premium plans (P1, P2, or Suite), allowing businesses to save on costs while benefiting from stronger security.

Authentication with RCDevs IdP & OpenOTP

RCDevs products now support Microsoft’s Entra ID External Authentication Method (EAM), enabling organizations to authenticate users through the RCDevs Identity Provider via OpenID and OpenOTP. With this integration, Entra ID can serve as the primary identity source for applications, reducing the need to duplicate identity information across platforms.

Key capabilities of RCDevs Identity Provider with Entra ID EAM:

  • Authentication using OpenOTP and OpenID: External users can authenticate through Entra ID and RCDevs Identity Provider, making it compatible with a variety of applications.
  • Adaptive authentication options: OpenOTP provides multiple authentication methods, allowing organizations to configure flexible multi-factor authentication (MFA) requirements for different user types or access contexts.

For technical guidance on setting up EAM with RCDevs, refer to the RCDevs documentation on EAM.


Illustration with Microsoft 365

To better understand how OpenOTP integrates with Microsoft Entra ID, let’s look at an example using Microsoft 365, one of the most widely used productivity suites in the world.

When an organization uses Microsoft 365, securing user access is crucial to protect sensitive information and ensure compliance. By enabling Entra ID’s external authentication method with OpenOTP through the RCDevs Identity Provider (IdP), businesses can elevate their security protocols while maintaining seamless access for users.

  • Open Office 365, go to the sign-in page, and click on Sign-In.
  • Enter your username.
  • Enter your password.
  • If the credentials are validated successfully, you will see your External Authentication Method. Click on it to be redirected to your Identity Provider.
  • After being redirected to the IdP login page, you are immediately prompted with an OTP challenge. If a FIDO device had been registered to this account, you would be prompted for a FIDO challenge instead.
  • After a successful authentication with your Identity Provider, you will be redirected to the Office 365 landing page.

This setup provides a flexible and secure way to protect Microsoft 365, enabling organizations to leverage advanced authentication features while potentially lowering costs compared to Microsoft’s premium Entra ID plans.


User & Group Synchronization with WebADM

RCDevs allows organizations to synchronize Entra ID users and groups into WebADM, its identity management platform. This synchronization enables centralized management by mirroring Entra ID identities in WebADM, making it easier to apply access policies consistently across different applications.

Benefits of user and group synchronization between Entra ID and WebADM:

  • Automated updates: When changes occur in Entra ID, user and group details in WebADM are automatically updated, reducing manual administrative tasks.
  • Badging functionality integration: Organizations can link synchronized users with OpenOTP’s Badging feature. For instance, accounts can be locked if users do not request access through the OpenOTP Token application or RCDevs Self-Services.
  • Extending Entra ID’s reach across systems: Users and groups can be authenticated and used on any on-prem application, Linux systems, legacy applications using the LDAP protocol, VPNs, NAC, etc.
  • Password sync: User passwords can be maintained on-premises and used by a variety of integrations consuming these identities.

For more information on user and group synchronization, visit the technical documentation here.


Password Reset: Supporting Self-Service

RCDevs’ Password Reset application enables end-users to reset their Entra ID passwords without needing IT support. This feature is designed to help organizations reduce support requests by allowing users to manage their account recovery independently.

Features of the Password Reset application:

  • Self-service password reset: Users reset their Entra ID passwords directly through RCDevs, making account recovery straightforward.
  • Minimized support requirements: By shifting password reset responsibilities to end-users, organizations can reduce helpdesk workload related to password issues.
  • Password Management: Enhance security with proactive password verification that checks for compromised or weak passwords and ensures compliance with password policies. In cases of non-compliance, admins receive instant notifications, and accounts can be automatically blocked to prevent unauthorized access. Additionally, users can receive an automated self-service password reset link, making it easy for them to update their credentials promptly and maintain compliance without administrative intervention. This approach reduces password fatigue, empowers users, and strengthens overall security.

Local Group Management in WebADM for Access Control

WebADM also provides the flexibility to create and manage groups locally, enabling administrators to add Entra ID users to these custom groups within WebADM. This setup offers complete control over access policies and integrations directly within WebADM, without impacting your existing Entra ID group structures.

Benefits of Local Group Management in WebADM:

  • Role-based Access Management: Administrators can define distinct access levels by assigning Entra ID users to locally managed groups in WebADM, allowing fine-grained control over user access across various applications.
  • Customizable Access Policies: With local group information stored in WebADM, organizations can tailor access controls specifically for each application or user segment. This provides precise control over application access while keeping Entra ID groups unchanged.

Local group management in WebADM gives you the flexibility to define access and integration policies independently, making it an ideal solution for organizations seeking detailed, adaptable role-based access control.

The integration of Entra ID with RCDevs solutions such as WebADM, OpenOTP, and RCDevs Identity Provider offers organizations greater flexibility in managing identity and access control. By combining Entra ID’s identity services with RCDevs’ authentication options, automated synchronization, self-service password reset, and group-based access control, organizations can build a consistent approach to secure access management across a wide range of applications.

Content retrieved from: https://www.rcdevs.com/entra-id-eam-integration-with-rcdevs-authentication-sync-access-control/
