It’s finally here! Microsoft’s new external authentication methods (EAM) is now available in public preview, set to replace custom controls. For the past couple of months, we’ve been working closely with the Microsoft Entra ID team to bring you this highly anticipated security enhancement.
External authentication methods integration with CyberArk delivers enhanced security while simplifying user experiences. CyberArk customers can now leverage our FIDO Alliance-certified authentication with their Microsoft Entra ID MFA. Protect your workforce and most privileged resources by easily creating access policies and implementing end-to-end passwordless.
What is Microsoft’s External Authentication Methods?
This feature was developed to replace Entra ID custom controls and will enable organizations to use non-Microsoft systems for verifying user identities. Custom controls allowed integration with only a few MFA providers and limited customer choice and flexibility, often resulting in the need for multiple MFA tools. By allowing integration with third-party MFA or other Identity providers, Microsoft is empowering businesses to customize their access framework while maintaining their frictionless user experience.
“At Microsoft, we’re committed to helping customers strengthen defenses. The integration of Microsoft Entra external authentication methods with CyberArk, a key player in identity security, gives customers more flexibility to use their preferred MFA solutions and enhance protection against phishing and other advanced threats,” said Natee Pretikul, Principal Product Management Lead, Microsoft Security.
Key Benefits
Security-first
Using CyberArk’s secured authentication architecture and FIDO2-certified cloud server reduces the risk of unauthorized access and ensures continuous security, even in the case of a compromised password.
Greater Flexibility – Meet Azure MFA Sign-in Requirements
New EAM-CyberArk integration enables organizations to leverage their existing CyberArk Workforce Identity solution as an added layer of security. By extending the CyberArk arsenal of authentication factors to Entra ID multifactor authentication processes, organizations can meet Azure sign-in multifactor authentication requirements.
Seamless Integration
Integrating CyberArk’s adaptive MFA offering with Microsoft’s EAM allows security teams to easily adapt their authentication protocols without a complete overhaul of their identity management systems. Review our docs on the exact steps.
Improve User Experience
By leveraging the new external authentication methods, organizations can take advantage of CyberArk’s passwordless capability with passkeys and mobile push notification, to name a few. Simplify user access to any application from any device without the use of a password and reduce the risk of attackers compromising access. Moreover, CyberArk offers an enhanced end user experience to reduce friction and deliver a consistent authentication process across all Microsoft and non-Microsoft workflows.
Use CyberArk as a Microsoft Entra ID External Authentication Method
Microsoft Entra ID external authentication methods is in public review today. CyberArk-EAM integration is easy to implement with a few simple steps. Read Microsoft’s EAM documentation to learn how Microsoft’s external authentication methods offers a flexible and secure way to manage your privileged account access while leveraging your identity provider of choice.
MFA Is a Great Start to Securing Your Workforce
Research shows that a cyberattack occurs every 39 seconds. In this climate, delivering SSO and MFA is a must but often is no longer a sufficient solution. This is aligned to what CyberArk Labs is experiencing in the frontlines with attackers bypassing password-based as well as MFA controls. Attackers are creative and use methods such as MFA bombing, architectural and design flaw manipulation, cookie theft and more.
Every user, regardless of their role, has access that could potentially lead to compromise of the organization’s critical data. That means it’s more important than ever to secure users’ credentials, their browsers and the machines they work on, all while continuously scanning for — and responding to — threats and governing access permissions.
CyberArk’s Workforce Identity solution lays a new foundation by providing easy, secure access to all your resources and applications, while guarding against a growing number and sophistication of attack methods. It’s about delivering layered, intelligent privilege controls that continuously extend the right amount of security to every identity — at the endpoint, within the browser and through to native and web applications — both at the point of authentication and beyond.
Yuval Glasner is a senior product manager at CyberArk.
