Today we’re going to walk through setting up Microsoft Azure AD’s new Conditional Access for Federated Applications, such as Workday, Salesforce, Concur and Google Apps for Work.

In order to start, we assume that you already have application federation in place, today we’ll be working with Salesforce. If you haven’t worked with federated applications yet, you can leverage Azure AD to cheap nfl jerseys automatically provision new user accounts in these applications as soon as a user is added to an application group! Saves the hassle of having to provision accounts in multiple portals!

The benefit of Multi-Factor Authentication here allows access to corporate SaaS applications while increasing security for me sensitive applications overall or just outside your corporate offices with the ability Finding to cheap mlb jerseys exempt a group of users as well.




We’re going to start by going to the cheap jerseys Configure tab.


Let’s scroll down and take wholesale jerseys a look at the access rules

You can see 2012+ there are new options to enable per-application Multi-factor Authentication. We can either globally enable it or enable it for a specific group of users, including the ability to add exceptions. In this case we’re going to shipping apply this rule to all, but we want to enable MFA when users are connecting outside of the office.

Let’s go ahead and check ALL USERS and Require multi-factor authentication when not at work


Let’s choose the option to define our network locations. In this case I’ll define our corporate office public IP range. We’ll then save the config and test!


Let’s go ahead in and test the MyApps portal by going to

We’ll test cheap jerseys internally first


Let’s go ahead and login


Let’s launch Salesforce. From inside, we should be taken directly to the Salesforce site with our corporate Salesforce account.


It works!

Now let’s test outside the organization. We don’t get prompted for MFA at login like the standard MFA does. However, when we launch the app, we get prompted to configure MFA for the first time

The 1st time you login, it will ask you to define your MFA type: Phone call, Text or Phone app.


We’ll setup the phone app



We get launched directly in!


Now we were already authenticated here. Let’s logoff and logon again to show the experience moving forward.




We’ve not configured Conditional Access leveraging Multi-factor authentication for Federated apps!

Leave a Reply

Your email address will not be published. Required fields are marked *