Intelligent enforcement of multifactor authentication with Azure Conditional Access and Acumatica

Multifactor Authentication

In today’s blog post we are going to explore some of the capabilities of Azure working together with Acumatica to provide an easy-to-use and secure way to log into Acumatica.

You can use Azure Active Directory (Azure AD) as your identity provider for single sign-on into Acumatica. But beyond that, we are going to take a look at some of the capabilities of Conditional Access, a feature of Azure Active Directory Premium P1.

Conditional Access allows you to enforce specific rules for authentication based on a number of criteria. Using this tool you can determine whether a login should be allowed, denied or prompted for two-factor authentication depending on the risk level of the sign-in request.

Conditional Access policies can apply to specific application registrations within Azure.   This way you can selectively enforce MFA for a specific application, for specific users, in specific scenarios.

Once you have set up your AAD integrated login per the steps here, open your Azure Portal.

Open Azure Active Directory – Security – Conditional Access

  • Create a new policy, assign users or groups:


  • Associate the Acumatica app registration:


  • Exempt logins from trusted devices, locations, etc., if desired


  • Prompt for MFA
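
The same policy as the portal steps above, created through the Microsoft Graph PowerShell SDK. This is an added example, not part of the original post: the three IDs are placeholders for your tenant's values, and the display name, the emergency-access exclusion and the report-only starting state are assumptions.

```powershell
# Added example. Requires the Microsoft.Graph PowerShell module.
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess', 'Policy.Read.All', 'Application.Read.All'

# Placeholders: replace with values from your own tenant.
$acumaticaAppId = '<ACUMATICA-APP-REGISTRATION-CLIENT-ID>'
$targetGroupId  = '<ACUMATICA-USERS-GROUP-OBJECT-ID>'
$breakGlassId   = '<EMERGENCY-ACCESS-ACCOUNT-OBJECT-ID>'   # assumption: you keep such an account

$policy = @{
    displayName = 'Acumatica - require MFA outside trusted locations'   # hypothetical name
    # Start in report-only mode: each sign-in records what the policy
    # would have done, but nothing is enforced yet.
    state = 'enabledForReportingButNotEnforced'
    conditions = @{
        clientAppTypes = @('all')
        # Step 1: assign users or groups.
        users = @{
            includeGroups = @($targetGroupId)
            excludeUsers  = @($breakGlassId)   # avoids locking every admin out on a misconfiguration
        }
        # Step 2: scope the policy to the Acumatica app registration only.
        applications = @{
            includeApplications = @($acumaticaAppId)
        }
        # Step 3: exempt sign-ins from trusted named locations.
        locations = @{
            includeLocations = @('All')
            excludeLocations = @('AllTrusted')
        }
    }
    # Step 4: prompt for MFA.
    grantControls = @{
        operator        = 'OR'
        builtInControls = @('mfa')
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
$created | Select-Object Id, DisplayName, State

# Once the report-only results in the sign-in log look right, enforce the policy:
# Update-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $created.Id `
#     -BodyParameter @{ state = 'enabled' }
```

`AllTrusted` only exempts named locations that have been marked as trusted in the tenant, so review that list before relying on the exclusion.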


Conditional Access requires an Azure AD Premium P1 SKU assigned to the user, which is included with Microsoft 365 E3 and E5 and the EMS SKUs, or can be purchased à la carte.

Depending on the option you have configured for your Azure AD account, the two-factor authentication challenge could come as a text message or as a push notification to the Microsoft Authenticator app on your phone. Azure takes care of the validation, then passes a token to Acumatica, allowing you to log in.

Using Azure authentication, you have a unified login history available in the Azure portal, by user or by app registration.

How are you purchasing your Office 365 licensing currently? If you are purchasing directly from Microsoft, you are not getting the full value of your investment. Crestwood is a gold certified cloud partner with Microsoft, and we provide licensing and guidance for the full Office 365 product suite. Contact us for a consultation.
