

To enable a single user identity for authentication and a unified experience when accessing resources in the cloud and on-premises, we integrated our on-premises Active Directory forests with Microsoft Azure Active Directory (Azure AD). We use Microsoft Azure AD Connect and Active Directory Federation Services (AD FS), so when an Azure-based application needs user attributes (for example, their location, organization, or job title), that information is available as long as the service has the right permissions to query for those attributes.

Setting up Microsoft Azure Multi-Factor Authentication

To further secure user identities, we enabled Microsoft Azure Multi-Factor Authentication as an additional verification method that is sent to the user.

Our verification options include a phone call or mobile app notification, and the user can select the preferred option at the time of enrollment.

The user experience is based on the connectivity type, so when the user connects remotely they are prompted for a second verification. For critical services, we require multi-factor authentication for access, even for connections within the corporate network. For our sign-in experience, we have enabled signing in with mobile phone and signing in with mobile app notification.

Enrolling users

Our corporate policies required that the user identity be validated for enrollment. The enrollment process used a portal designed to enable users to validate their phone number automatically when they sign in with a smart card during registration. The identity of users without smart cards is validated using a workflow that requires their manager’s approval.

Customizing a user-friendly sign-in screen
