Step-by-Step Information : Methods to allow QR code authentication for Microsoft Entra ID (Preview) ?

Microsoft Entra ID helps an extended listing of Authentication strategies.

• Home windows Good day for Enterprise
• Microsoft Authenticator app
• Authenticator Lite
• Passkey (FIDO2)
• Certificates-based authentication
• {Hardware} OATH tokens (preview)
• Software program OATH tokens
• Exterior authentication strategies (preview)
• Non permanent Entry Move (TAP)
• Brief Message Service (SMS) sign-in and verification
• Voice name verification
• Password

This permits organizations to pick essentially the most safe and productive authentication strategies for his or her enterprise. Whereas essentially the most safe technique might not at all times be the best, and vice versa, having quite a lot of supported authentication strategies helps to strike a stability between these two facets.

Microsoft Entra ID now helps QR authentication, a way particularly designed for frontline employees who use shared gadgets. This offers a handy and safe login expertise for these employees.

1)        An account with Authentication Coverage Administrator permission or increased can allow QR code as an authentication technique.

2)        As soon as the strategy is enabled, a QR code and non permanent PIN might be generated for the person.

3)        The QR code ought to be made out there to the person. It may be downloaded, printed, or added to a badge.

4)        The QR code is exclusive however can’t be used with out the PIN.

5)        The non permanent PIN have to be reset when the person authenticates for the primary time.

6)        As soon as the QR code and PIN are arrange, the person can use them for subsequent logins.

1)        QR authentication is designed for frontline employees and shouldn’t be extensively used. Phishing-resistant authentication is advisable wherever potential.

2)        Don’t allow this authentication technique for all customers; solely allow it for required customers.

3)        QR authentication is at the moment solely supported on cellular gadgets working iOS/iPadOS or Android.

4)        QR authentication doesn’t enable self-service PIN reset for customers.

On this weblog put up I’m going to exhibit the way to configure QR authentication for the Microsoft Entra ID customers.

Let’s begin with enabling authentication technique.

1. Log in to the Entra admin portal at https://entra.microsoft.com/as an Authentication Coverage Administrator or increased.
2. Navigate to Safety | Authentication Strategies.

3. Underneath Insurance policies, click on on QR code (Preview).

4. Within the QR code (Preview) settings web page, click on on Allow to activate the authentication technique. Then, choose the related person group because the goal.

5. Click on on the Configure tab. Right here, you possibly can alter the PIN size and the lifetime of the QR code. The default is one year, however it may be prolonged as much as 395 days. As soon as modifications are made, click on on Save to use them.

This permits the QR code as an authentication technique for the tenant. Subsequent, let’s examine the way to generate a QR code for a person.

To generate QR code for person,

1. Navigate to Customers | All customers.
2. Choose the person from the goal group configured within the earlier part.
3. Click on on Authentication strategies.

4. Click on on + Add authentication technique.

5. From the dropdown, choose QR code (Preview).

6. Within the settings web page, outline the expiration date and activation time. Click on on Generate PIN to create a short lived PIN. Notice down the PIN and click on on Add.

7. It will generate the QR code. Obtain it to be used with authentication.

Now that now we have generated a QR code for a person, let’s proceed with some testing.

For testing, I used an iOS gadget to log in to the workplace portal. On the login web page, I typed the username after which clicked on Signal-in choices.

Within the Signal-in choices web page, I chosen Check in to a corporation.

On the following web page, I selected Check in with QR code.

I clicked on Permit to grant entry to the digicam.

After that, I scanned the QR code downloaded within the earlier step.

As soon as the QR code was efficiently detected, I entered the non permanent PIN that was generated and clicked on Check in.

On the following web page, I used to be prompted to outline a brand new PIN since this was the primary login. After defining the PIN, I clicked on Check in.

As anticipated, I used to be in a position to log in efficiently.

This marks the tip of the weblog put up, and I consider you now have a greater understanding of the way to allow and use QR code for authentication.