This article covers what multifactor authentication is and how to configure a conditional access multifactor authentication policy for operators and administrators who access CoreView.
Multifactor Authentication (MFA) Overview
Multifactor Authentication (MFA) is when a user is prompted for additional forms of identification during a sign-in event. This prompt could be to enter a code on their cellphone or provide a fingerprint scan. When you require a second form of authentication, security is increased as this additional factor isn't easy for an attacker to obtain or duplicate.
The following guide shows you how to set up a basic Conditional Access MFA policy for Operators and Admins accessing your CoreView Portal.
To implement MFA, you need a working Azure AD tenant, and each account to be assigned to an MFA policy needs at least an Azure AD Premium P1 or trial license enabled. If needed, add some trial licenses for free.
Note: Remember to create your CoreView Operator accounts with the “Use organization account” flag selected, in order to enable the single sign-on feature available between your Azure AD environment and the CoreView portal. This feature allows you to leverage any security setting you applied in your Azure AD environment.
The recommended way to enable and use Azure AD Multi-Factor Authentication is with Conditional Access policies. Conditional Access lets you create and define policies that react to sign-in events and request additional actions before a user is granted access to an application or service.
Conditional Access policies can be granular and specific, so that users stay productive wherever and whenever they work while your organization stays protected.
This guide will create a basic Conditional Access policy to prompt for MFA when a user signs in to the CoreView portal.
However, please consider that you can assign different criteria to your conditional access policies, such as a risk-based Conditional Access policy. For more details about this topic, please review the reference section of this document.
First, create a Conditional Access policy and assign your security group of users as follows:
- Sign in to the Azure portal using an account with global administrator permissions.
- Search for and select Azure Active Directory, then choose Security from the menu on the left-hand side.
- Select Conditional Access, then choose + New policy.
- Enter a name for the policy (this guide uses “Test MFA”).
- Under Assignments, choose Users and groups, then the Select users and groups radio button.
- Check the box for Users and groups, then Select to browse the available Azure AD users and groups.
- Browse for and select your Azure AD group, such as CoreView MFA Enabled, then choose Select.
Note: The group CoreView MFA Enabled was created beforehand, and a pilot user account was assigned to it. All users who belong to the configured group will be prompted for multi-factor authentication when they log in to the CoreView portal.
To apply the Conditional Access policy for the group, select Done.
With the Conditional Access policy created and a test group of users assigned, now define the cloud apps or actions that trigger the policy.
These cloud apps or actions are the scenarios for which you decide to require additional processing, such as a prompt for MFA.
So, to configure the Conditional Access policy to require MFA when a user signs in to the CoreView portal, please complete the following steps:
- Select Cloud apps or actions; on the Include page, choose the Select apps radio button.
- Choose Select, then browse the list of available sign-in events that can be used and choose CoreView Portal, so the policy applies to sign-in events to the CoreView portal.
- To select the apps, choose Select, then Done.
- Under Access controls, choose Grant, then make sure the Grant access radio button is selected.
- Check the box for Require multi-factor authentication, then choose Select.
Conditional Access policies can be set to Report-only if you want to see how the configuration would impact users or Off if you don't want to use the policy right now.
As a test group of users was targeted for this guide, let's enable the policy and then test Multi-Factor Authentication on CoreView login. You will:
- Set the Enable policy toggle to On.
- Select Create to apply the Conditional Access policy.
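The same policy can be created as a script, which keeps the configuration reviewable and repeatable. The following is an added example, not CoreView's or Microsoft's own code: it uses the Microsoft Graph PowerShell SDK and starts the policy in Report-only; set `$State` to `'enabled'` to match the On toggle above. It assumes the Microsoft.Graph module is installed and that the CoreView enterprise application appears in your tenant under the display name `CoreView Portal`.

```powershell
# Added example: creates this guide's policy through Microsoft Graph PowerShell.
# Requires the Microsoft.Graph module and an account allowed to manage Conditional Access.
$PolicyName = 'Test MFA'                 # policy name used in this guide
$GroupName  = 'CoreView MFA Enabled'     # group name used in this guide
$AppName    = 'CoreView Portal'          # assumed display name of the enterprise app
# 'enabledForReportingButNotEnforced' = Report-only, 'enabled' = On, 'disabled' = Off
$State      = 'enabledForReportingButNotEnforced'

Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess','Policy.Read.All',
                        'Group.Read.All','Application.Read.All'

# Resolve names to IDs and stop if a lookup is empty or ambiguous, so the
# policy is never created against the wrong group or application.
$group = @(Get-MgGroup -Filter "displayName eq '$GroupName'")
$app   = @(Get-MgServicePrincipal -Filter "displayName eq '$AppName'")
if ($group.Count -ne 1) { throw "Expected one group named '$GroupName', found $($group.Count)." }
if ($app.Count   -ne 1) { throw "Expected one app named '$AppName', found $($app.Count)." }

$policy = @{
    displayName   = $PolicyName
    state         = $State
    conditions    = @{
        # Assignments > Users and groups
        users          = @{ includeGroups = @($group[0].Id) }
        # Cloud apps or actions > Select apps (Graph expects the application ID)
        applications   = @{ includeApplications = @($app[0].AppId) }
        clientAppTypes = @('all')
    }
    grantControls = @{
        operator        = 'OR'
        builtInControls = @('mfa')       # Grant access > Require multi-factor authentication
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
$created | Select-Object Id, DisplayName, State
```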
Microsoft Documentation References
Setup Multifactor Authentication:
Multifactor Authentication for Microsoft 365: