Microsoft External Authentication Methods (EAM)
Beyond Identity phishing-resistant passwordless authentication for Microsoft Entra ID
Integrate Beyond Identity with Microsoft Entra ID using the External Authentication Methods (EAM) configuration for users to have phishing-resistant and passwordless authentication to Entra ID logons.
This guide covers the process of configuring Microsoft Entra ID and Beyond Identity. Each section contains instructions for that specific platform. View the overall summary in the list below.
- Set up configurations for Beyond Identity
- Register a new app in Microsoft Entra ID to configure EAM
- Configure API permissions for Microsoft Graph
- Validate administrator consent for Microsoft EAM
- Assign new identities in Beyond Identity
- Configure Microsoft conditional access policy
- User login verification for testing
Prerequisites
To get started with the integration, view the following prerequisites.
Microsoft Entra ID requirements
This information contains the necessary items for integrating with Beyond Identity.
- Microsoft Entra ID global administrator privileges
- Active Entra ID P1 license
- SCIM implementation for Microsoft Entra as upstream directory source to Beyond Identity
- View the Generic SCIM for more information.
Beyond Identity requirements
The list below covers the basic Beyond Identity requirements for the integration.
- Secure Access Tenant with Super Admin Role
- Use an existing account, or sign up here to create a new Beyond Identity account
- Have at least two devices and two Super Admin roles configured*
- *Recommended, optional
Steps
Follow the steps in the sections below to complete your integration for Beyond Identity and Microsoft EAM.
Legend
The sections below use these two color codings to identify the steps for separate platforms. Use a separate browser window when following instructions for each platform.
🔵 Beyond Identity - Beyond Identity platform tasks are highlighted in blue.
🟠 Microsoft Entra ID - Microsoft EAM platform tasks are highlighted in orange.